Description
The information system provides mechanisms to protect the authenticity of communications sessions.\n
Supplemental Guidance
This control focuses on communications protection at the session, versus packet, level. The intent of this control is to implement session-level protection where needed (e.g., in service-oriented architectures providing web-based services). NIST Special Publication 800-52 provides guidance on the use of transport layer security (TLS) mechanisms. NIST Special Publication 800-77 provides guidance on the deployment of IPsec virtual private networks (VPNs) and other methods of protecting communications sessions. NIST Special Publication 800-95 provides guidance on secure web services.\n
Enhancements
(0) None.\n
Compliance Mappings
ISO 17799 (legacy)
None.
COBIT 4.1 (legacy)
AC6DS5.11