SI-4(10)

  • Requirement

    Make provisions so that [Assignment: organization-defined encrypted communications traffic] is visible to [Assignment: organization-defined system monitoring tools and mechanisms].

  • Discussion

    Organizations balance the need to encrypt communications traffic to protect data confidentiality with the need to maintain visibility into such traffic from a monitoring perspective. Organizations determine whether the visibility requirement applies to internal encrypted traffic, encrypted traffic intended for external destinations, or a subset of the traffic types.

More Info

  • Title

    System Monitoring | Visibility of Encrypted Communications
  • Family

    System and Information Integrity
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!