FedRAMP Control Explorer

Controls

Access Control

Assessment, Authorization, and Monitoring

Audit and Accountability

Awareness and Training

Configuration Management

Contingency Planning

Identification and Authentication

Incident Response

Maintenance

Media Protection

Personnel Security

Physical and Environmental Protection

Planning

Risk Assessment

Supply Chain Risk Management

System and Communications Protection

System and Information Integrity

System and Services Acquisition

SC-23 Session Authenticity

Control

Protect the authenticity of communications sessions.

Discussion

Protecting session authenticity addresses communications protection at the session level, not at the packet level. Such protection establishes grounds for confidence at both ends of communications sessions in the ongoing identities of other parties and the validity of transmitted information. Authenticity protection includes protecting against “man-in-the-middle” attacks, session hijacking, and the insertion of false information into sessions.

FedRAMP-Defined Assignment / Selection Parameters

N/A