← Controls / SC

SC-09 Transmission Confidentiality

System and Communications Protection

Low Moderate High

Description

The information system protects the confidentiality of transmitted information.\n

Supplemental Guidance

If the organization is relying on a commercial service provider for transmission services as a commodity item rather than a fully dedicated service, it may be more difficult to obtain the necessary assurances regarding the implementation of needed security controls for transmission confidentiality. When it is infeasible or impractical to obtain the necessary security controls and assurances of control effectiveness through appropriate contracting vehicles, the organization either implements appropriate compensating security controls or explicitly accepts the additional risk. NIST Special Publication 800-52 provides guidance on protecting transmission confidentiality using Transport Layer Security (TLS). NIST Special Publication 800-77 provides guidance on protecting transmission confidentiality using IPsec. NSTISSI No. 7003 contains guidance on the use of Protective Distribution Systems. Related security control: AC-17.\n

Enhancements

\n

Compliance Mappings

ISO 17799 (legacy)

10.6.110.8.110.9.1

COBIT 4.1 (legacy)

DS5.11AC6