SC-11 Trusted Path

System and Communications Protection

Low Moderate High

Description

The information system establishes a trusted communications path between the user and the following security functions of the system: [Assignment: organization-defined security functions to include, at a minimum, information system authentication and reauthentication].

Supplemental Guidance

A trusted path is employed for high-confidence connections between the security functions of the information system and the user (e.g., for login).

Changes from Rev 4

Expands control text.
Adds parameter to provide physically or logically isolated trusted communications path.
Changes parameter to invoke the trusted communications path for specified security functions.
Expands discussion to describe historic implementation of Trusted Path as well as current usage.

Enhancements

(0) None.

Compliance Mappings

ISO 27002:2022

8.5

ISO 17799 (legacy)

10.9.2

COBIT 4.1 (legacy)

DS5.11, AC6