Device Class 2: Transmission Confidentiality And Integrity
Control ID: SC-8 Transmission Confidentiality And Integrity | Family: System and Communications Protection | Source: NIST 800-53r4 | |||||||||||||||||||||||||||||||||||||||||||||
Control: The information system protects the confidentiality and integrity of transmitted information. | |||||||||||||||||||||||||||||||||||||||||||||||
Supplemental Guidance: This control applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g.,servers, mobile devices, notebook computers, printers, copiers, scanners, facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. Protecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., by employing protected distribution systems) or by logical means (e.g., employing encryption techniques). Organizations relying on commercial providers offering transmission services as commodity services rather than as fully dedicated services (i.e., services which can be highly specialized to individual customer needs), may find it difficult to obtain the necessary assurances regarding the implementation of needed security controls for transmission confidentiality/integrity. In such situations, organizations determine what types of confidentiality/integrity services are available in standard, commercial telecommunication service packages. If it is infeasible or impractical to obtain the necessary security controls and assurances of control effectiveness through appropriate contracting vehicles, organizations implement appropriate compensating security controls or explicitly accept the additional risk. Related Controls: AC-17, PE-4 |
|||||||||||||||||||||||||||||||||||||||||||||||
Control Enhancements:
(2) Transmission Confidentiality And Integrity | Cryptographic Or Alternate Physical Protection The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and detect changes to information during transmission unless otherwise protected by [Assignment: organization-defined alternative physical safeguards]. Supplemental Guidance: Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mechanisms implemented to protect information integrity include, for example, cryptographic hash functions which have common application in digital signatures, checksums, and message authentication codes. Alternative physical security safeguards include, for example, protected distribution systems. Related Controls: SC-13 (1) Transmission Confidentiality And Integrity | Cryptographic Or Alternate Physical Protection The information system implements cryptographic mechanisms to detect changes to information during transmission unless otherwise protected by [Assignment: organization-defined alternative physical safeguards]. Supplemental Guidance: Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mechanisms implemented to protect information integrity include, for example, cryptographic hash functions which have common application in digital signatures, checksums, and message authentication codes. Alternative physical security safeguards include, for example, protected distribution systems. Related Controls: N/A |
|||||||||||||||||||||||||||||||||||||||||||||||
References: N/A | |||||||||||||||||||||||||||||||||||||||||||||||
Mechanisms:
|
|||||||||||||||||||||||||||||||||||||||||||||||
Protocol Implementation Conformance Statements:
|