SC-11(1)

Requirement
1. Provide a trusted communications path that is irrefutably distinguishable from other communications paths; and
2. Initiate the trusted communications path for communications between the [Assignment: organization-defined security functions] of the system and the user.

Discussion

An irrefutable communications path permits the system to initiate a trusted path, which necessitates that the user can unmistakably recognize the source of the communication as a trusted system component. For example, the trusted path may appear in an area of the display that other applications cannot access or be based on the presence of an identifier that cannot be spoofed.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: System and communications protection policy; procedures addressing trusted communication paths; security plan; system design documentation; system configuration settings and associated documentation; assessment results from independent, testing organizations; system audit records; system security plan; other relevant documents or records].

Interview

[SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer].

Test

[SELECT FROM: Mechanisms supporting and/or implementing trusted communication paths].

ID	Assessment Objectives
SC-11(01)(b)	the trusted communication path for communications between the <SC-11(01)_ODP security functions> of the system and the user is initiated.
SC-11(01)(a)	a trusted communication path that is irrefutably distinguishable from other communication paths is provided;

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!