SC-23 Session Authenticity
Control: The information system provides mechanisms to protect the authenticity of communications sessions.
Supplemental Guidance: This control focuses on communications protection at the session, versus packet, level. The intent of this control is to implement session-level protection where needed (e.g., in service-oriented architectures providing web-based services). NIST Special Publication 800-52 provides guidance on the use of transport layer security (TLS) mechanisms. NIST Special Publication 800-77 provides guidance on the deployment of IPsec virtual private networks (VPNs) and other methods of protecting communications sessions. NIST Special Publication 800-95 provides guidance on secure web services.
Control Enhancements: (0) None.
Baseline: LOW: Not Selected; MOD: SC-23; HIGH: SC-23
Family: System and Communications Protection
Class: Technical
ISO 17799 mapping: None.
COBIT 4.1 mapping: AC6, DS5.11
PCI-DSS v2 mapping: None.