SC-17

  • Requirement

    a. Issue public key certificates under an [Assignment: organization-defined certificate policy] or obtain public key certificates from an approved service provider; and
    b. Include only approved trust anchors in trust stores or certificate stores managed by the organization.

  • Discussion

    Public key infrastructure (PKI) certificates are certificates with visibility external to organizational systems and certificates related to the internal operations of systems, such as application-specific time services. In cryptographic systems with a hierarchical structure, a trust anchor is an authoritative source (i.e., a certificate authority) for which trust is assumed and not derived. A root certificate for a PKI system is an example of a trust anchor. A trust store or certificate store maintains a list of trusted root certificates.

More Info

  • Title

    Public Key Infrastructure Certificates

  • Family

    System and Communications Protection

  • Related NIST 800-53 ID

    AU-10;IA-5;SC-12

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!

Learn More