SC-17 Public Key Infrastructure Certificates
Control: The organization issues public key certificates under an appropriate certificate policy or obtains public key certificates under an appropriate certificate policy from an approved service provider.
Supplemental Guidance: For user certificates, each agency either establishes an agency certification authority cross-certified with the Federal Bridge Certification Authority at medium assurance or higher or uses certificates from an approved, shared service provider, as required by OMB Memorandum 05-24. NIST Special Publication 800-32 provides guidance on public key technology. NIST Special Publication 800-63 provides guidance on remote electronic authentication.
Control Enhancements: (0) None.
Baseline: LOW Not Selected MOD SC-17 HIGH SC-17
Family: System And Communications Protection
ISO 17799 mapping: 12.3.2
COBIT 4.1 mapping: None.
PCI-DSS v2 mapping: None.