SC-23 Session Authenticity

Control: The information system provides mechanisms to protect the authenticity of communications sessions.

Supplemental Guidance: This control addresses communications protection at the session level rather than at the packet level. The intent is to implement session-level protection where it is needed (e.g., in service-oriented architectures providing web-based services), so that each party can verify, for the life of the session, that it is communicating with the intended peer and not with an interposed party or a hijacked session. NIST Special Publication 800-52 provides guidance on the use of Transport Layer Security (TLS) mechanisms. NIST Special Publication 800-77 provides guidance on the deployment of IPsec virtual private networks (VPNs) and other methods of protecting communications sessions. NIST Special Publication 800-95 provides guidance on secure web services.
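
What session authenticity means at the transport layer, as an added example that is not part of SP 800-53 or the publications it cites: a Python ssl client context that validates the server's certificate chain, matches the certificate to the expected host name and enforces a TLS 1.2 floor, beside the widespread misconfiguration that encrypts the session without authenticating the peer at all, plus a small audit helper that tells the two apart. The function names, the ca_file parameter and the host name in the comment are this example's own assumptions.

```python
import ssl

# Added example (not from SP 800-53): a TLS client context that actually
# authenticates the peer, the common misconfiguration that encrypts without
# authenticating, and an audit helper that tells the two apart. Function
# names, the ca_file parameter and the host name below are assumptions.


def hardened_client_context(ca_file=None):
    """Client context that authenticates the server for the life of the session.

    ca_file: optional path to the trust anchors for this deployment; when None,
    the platform trust store is used.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # lowest version SP 800-52 Rev. 2 allows
    ctx.check_hostname = True            # certificate must name the host we asked for
    ctx.verify_mode = ssl.CERT_REQUIRED  # unverifiable chain => handshake fails
    ctx.options |= ssl.OP_NO_COMPRESSION  # TLS compression leaks plaintext (CRIME)
    # Use as: ctx.wrap_socket(sock, server_hostname="api.example.gov")
    # server_hostname is the identity the session is bound to; it must be the
    # expected peer, never a value taken from attacker-controllable input.
    return ctx


def insecure_client_context():
    """Anti-pattern: traffic is encrypted but the peer is never authenticated.

    Any certificate from anyone is accepted, so an interposed host can
    terminate the session and relay it unnoticed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def audit_context(ctx):
    """Return a list of findings against the control; an empty list means compliant."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("certificate not matched to expected host (check_hostname is False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2 (minimum_version is %s)"
                        % ctx.minimum_version.name)
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("insecure", insecure_client_context())):
        print(name, "->", audit_context(ctx) or "no findings")
```

The audit covers only the client's side of the session. Where the server must also identify the client (mutual authentication), the client context additionally needs load_cert_chain with the client's certificate and key, and the server side must be reviewed separately. IPsec VPN settings from SP 800-77 are outside this snippet.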

Control Enhancements: (0) None.

Baseline: LOW: Not Selected; MOD: SC-23; HIGH: SC-23

Family: System And Communications Protection

Class: Technical

ISO 17799 mapping: None.

COBIT 4.1 mapping: AC6, DS5.11

PCI-DSS v2 mapping: None.