SC-23 Session Authenticity

    Control: The information system provides mechanisms to protect the authenticity of communications sessions.

    Supplemental Guidance: This control focuses on communications protection at the session, versus packet, level. The intent of this control is to implement session-level protection where needed (e.g., in service-oriented architectures providing web-based services). NIST Special Publication 800-52 provides guidance on the use of transport layer security (TLS) mechanisms. NIST Special Publication 800-77 provides guidance on the deployment of IPsec virtual private networks (VPNs) and other methods of protecting communications sessions. NIST Special Publication 800-95 provides guidance on secure web services.

    Control Enhancements: (0) None.

    Baseline: LOW: Not Selected; MOD: SC-23; HIGH: SC-23

    Family: System And Communications Protection

    Class: Technical

    ISO 17799 mapping: None.

    COBIT 4.1 mapping: AC6, DS5.11

    PCI-DSS v2 mapping: None.