SC-23(5)

Requirement

Only allow the use of [Assignment: organization-defined certificate authorities] for verification of the establishment of protected sessions.

Discussion

Reliance on certificate authorities for the establishment of secure sessions includes the use of Transport Layer Security (TLS) certificates. These certificates, after verification by their respective certificate authorities, facilitate the establishment of protected sessions between web clients and web servers.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: System and communications protection policy; procedures addressing session authenticity; system design documentation; system configuration settings and associated documentation; list of certificate authorities allowed for verification of the establishment of protected sessions; system audit records; system security plan; other relevant documents or records].

Interview

[SELECT FROM: System/network administrators; organizational personnel with information security responsibilities].

Test

[SELECT FROM: Mechanisms supporting and/or implementing the management of certificate authorities].

ID	Assessment Objectives
SC-23(05)	only the use of <SC-23(05)_ODP certificated authorities> for verification of the establishment of protected sessions is allowed.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!