What is Session authenticity?

What is Session authenticity?

Discussion. Protecting session authenticity addresses communications protection at the session level, not at the packet level. Such protection establishes grounds for confidence at both ends of communications sessions in the ongoing identities of other parties and the validity of transmitted information.

What is sc 23?

The information system protects the authenticity of communications sessions. ( SC-23 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4) Protect the authenticity of communications sessions. (

Does the system provide mechanisms to protect the authenticity of device to device communications sessions?

Control: The information system provides mechanisms to protect the authenticity of communications sessions.

What is system and communications protection?

The systems and communications protection policy establishes the rules necessary to properly establish network segmentation and boundary protection thought the organization, as well as establishing the necessary rules around how cryptography will be implemented.

What is a system and information integrity policy?

System and information integrity provide assurance that the information being accessed has not been tampered with or damaged by an error in the information system. Examples of system and information integrity requirements include: Flaw remediation; Information input validation; Error-handling; and.

What is authenticity protection and how does it work?

Authenticity protection includes, for example, protecting against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. This control enhancement curtails the ability of adversaries from capturing and continuing to employ previously valid session IDs.

What is session-level control?

This control addresses communications protection at the session, versus packet level (e.g., sessions in service-oriented architectures providing web-based services) and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted.

What is the session ID withdrawn enhancement?

This control enhancement curtails the ability of adversaries from capturing and continuing to employ previously valid session IDs. The information system invalidates session identifiers upon user logout or other session termination. Withdrawn: Incorporated into AC-12 (1).

How does the information system generate session identifiers?

The information system generates a unique session identifier for each session with Assignment: organization-defined randomness requirements and recognizes only session identifiers that are system-generated. Withdrawn: Incorporated into SC-23 (3).

author

Back to Top