SC-23(5)

  • Requirement

    Only allow the use of [Assignment: organization-defined certificate authorities] for verification of the establishment of protected sessions.

  • Discussion

    Reliance on certificate authorities for the establishment of secure sessions includes the use of Transport Layer Security (TLS) certificates. These certificates, after verification by their respective certificate authorities, facilitate the establishment of protected sessions between web clients and web servers.

More Info

  • Title

    Session Authenticity | Allowed Certificate Authorities
  • Family

    System and Communications Protection
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      SC-12;SC-13

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!