Compliance controls are associated with this Policy definition 'Enforce random unique session identifiers' (c7d57a6a-7cc2-66c0-299f-83bf90558f5d)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | SC-23 | FedRAMP_High_R4_SC-23 | FedRAMP High SC-23 | System And Communications Protection | Session Authenticity | Shared | n/a | The information system protects the authenticity of communications sessions. Supplemental Guidance: This control addresses communications protection at the session, versus packet level (e.g., sessions in service-oriented architectures providing web-based services) and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. Authenticity protection includes, for example, protecting against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. Related controls: SC-8, SC-10, SC-11. References: NIST Special Publications 800-52, 800-77, 800-95. | link | 2 |
| FedRAMP_Moderate_R4 | SC-23 | FedRAMP_Moderate_R4_SC-23 | FedRAMP Moderate SC-23 | System And Communications Protection | Session Authenticity | Shared | n/a | The information system protects the authenticity of communications sessions. Supplemental Guidance: This control addresses communications protection at the session, versus packet level (e.g., sessions in service-oriented architectures providing web-based services) and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. Authenticity protection includes, for example, protecting against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. Related controls: SC-8, SC-10, SC-11. References: NIST Special Publications 800-52, 800-77, 800-95. | link | 2 |
| hipaa | 0948.09y2Organizational.3-09.y | hipaa-0948.09y2Organizational.3-09.y | 0948.09y2Organizational.3-09.y | 09 Transmission Protection | 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services | Shared | n/a | Where a trusted authority is used (e.g., for the purposes of issuing and maintaining digital signatures and/or digital certificates), security is integrated and embedded throughout the entire end-to-end certificate/signature management process. | | 6 |
| NIST_SP_800-171_R2_3 | .13.15 | NIST_SP_800-171_R2_3.13.15 | NIST SP 800-171 R2 3.13.15 | System and Communications Protection | Protect the authenticity of communications sessions. | Shared | Microsoft and the customer share responsibilities for implementing this requirement. | Authenticity protection includes protecting against man-in-the-middle attacks, session hijacking, and the insertion of false information into communications sessions. This requirement addresses communications protection at the session versus packet level (e.g., sessions in service-oriented architectures providing web-based services) and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. [SP 800-77], [SP 800-95], and [SP 800-113] provide guidance on secure communications sessions. | link | 2 |
| NIST_SP_800-53_R4 | SC-23 | NIST_SP_800-53_R4_SC-23 | NIST SP 800-53 Rev. 4 SC-23 | System And Communications Protection | Session Authenticity | Shared | n/a | The information system protects the authenticity of communications sessions. Supplemental Guidance: This control addresses communications protection at the session, versus packet level (e.g., sessions in service-oriented architectures providing web-based services) and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. Authenticity protection includes, for example, protecting against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. Related controls: SC-8, SC-10, SC-11. References: NIST Special Publications 800-52, 800-77, 800-95. | link | 2 |
| NIST_SP_800-53_R5 | SC-23 | NIST_SP_800-53_R5_SC-23 | NIST SP 800-53 Rev. 5 SC-23 | System and Communications Protection | Session Authenticity | Shared | n/a | Protect the authenticity of communications sessions. | link | 2 |
| SWIFT_CSCF_v2022 | 2.1 | SWIFT_CSCF_v2022_2.1 | SWIFT CSCF v2022 2.1 | 2. Reduce Attack Surface and Vulnerabilities | Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. | Shared | n/a | Confidentiality, integrity, and authentication mechanisms are implemented to protect SWIFT-related component-to-component or system-to-system data flows. | link | 36 |