P1 | MOD SC-8 (1) | HIGH SC-8 (1) |
SC-9 TRANSMISSION CONFIDENTIALITY
[Withdrawn: Incorporated into SC-8].
SC-10 NETWORK DISCONNECT
Control: The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity.
Supplemental Guidance: This control applies to both internal and external networks. Terminating network connections associated with communications sessions include, for example, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of inactivity may be established by organizations and include, for example, time periods by type of network access or for specific network accesses.
Control Enhancements: None.
References: None.
Priority and Baseline Allocation:
-
P2 | LOW Not Selected | MOD SC-10 | HIGH SC-10 |
Control: The information system establishes a trusted communications path between the user and the following security functions of the system: [Assignment: organization-defined security functions to include at a minimum, information system authentication and re-authentication].
Supplemental Guidance: Trusted paths are mechanisms by which users (through input devices) can communicate directly with security functions of information systems with the requisite assurance to support information security policies. The mechanisms can be activated only by users or the security functions of organizational information systems. User responses via trusted paths are protected from modifications by or disclosure to untrusted applications. Organizations employ trusted paths for high-assurance connections between security functions of information systems and users (e.g., during system logons). Enforcement of trusted communications paths is typically provided via an implementation that meets the reference monitor concept. Related controls: AC-16, AC-25.
Control Enhancements:
-
trusted path | logical isolation
The information system provides a trusted communications path that is logically isolated and distinguishable from other paths.
References: None.
Priority and Baseline Allocation:
-
P0 | LOW Not Selected | MOD Not Selected | HIGH Not Selected |
SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT
Control: The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction].
Supplemental Guidance: Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems. Related controls: SC-13, SC-17.
Control Enhancements:
-
cryptographic key establishment and management | availability
The organization maintains availability of information in the event of the loss of cryptographic keys by users.
Supplemental Guidance: Escrowing of encryption keys is a common practice for ensuring availability in the event of loss of keys (e.g., due to forgotten passphrase).
-
cryptographic key establishment and management | symmetric keys
The organization produces, controls, and distributes symmetric cryptographic keys using [Selection: NIST FIPS-compliant; NSA-approved] key management technology and processes.
-
cryptographic key establishment and management | asymmetric keys
The organization produces, controls, and distributes asymmetric cryptographic keys using [Selection: NSA-approved key management technology and processes; approved PKI Class 3 certificates or prepositioned keying material; approved PKI Class 3 or Class 4 certificates and hardware security tokens that protect the user’s private key].
-
cryptographic key establishment and management | pki certificates
[Withdrawn: Incorporated into SC-12].
-
cryptographic key establishment and management | pki certificates / hardware tokens
[Withdrawn: Incorporated into SC-12].
References: NIST Special Publications 800-56, 800-57.
Priority and Baseline Allocation:
-
Directory: publicationspublications -> Acm word Template for sig sitepublications -> Preparation of Papers for ieee transactions on medical imagingpublications -> Adjih, C., Georgiadis, L., Jacquet, P., & Szpankowski, W. (2006). Multicast tree structure and the power lawpublications -> Swiss Federal Institute of Technology (eth) Zurich Computer Engineering and Networks Laboratorypublications -> Quantitative skillspublications -> Multi-core cpu and gpu implementation of Discrete Periodic Radon Transform and Its Inversepublications -> List of Publications Department of Mechanical Engineering ucek, jntu kakinadapublications -> 1. 2 Authority 1 3 Planning Area 1publications -> Sa michelson, 2011: Impact of Sea-Spray on the Atmospheric Surface Layer. Bound. Layer Meteor., 140 ( 3 ), 361-381, doi: 10. 1007/s10546-011-9617-1, issn: Jun-14, ids: 807TW, sep 2011 Bao, jw, cw fairall, sa michelson
Share with your friends: |