This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system implements cryptographic mechanisms to protect the integrity and confidentiality of nonlocal maintenance and diagnostic communications.
NIST 800-53 (r4) Supplemental Guidance:
Related controls: SC-8, SC-13.
References: FIPS Publications 140-2, 197, 201; NIST Special Publications 800-63, 800-88; CNSS Policy 15.
NIST 800-53 (r5) Discussion:
Failure to protect nonlocal maintenance and diagnostic communications can result in unauthorized individuals gaining access to organizational information. Unauthorized access during remote maintenance sessions can result in a variety of hostile actions, including malicious code insertion, unauthorized changes to system parameters, and exfiltration of organizational information. Such actions can result in the loss or degradation of mission or business capabilities.
38North Guidance:
Meets Minimum Requirement:
Nonlocal maintenance and diagnostic communications channels (whether over an internal or external network) must be encrypted.
Best Practice:
Cryptographic Module Validation Program: https://csrc.nist.gov/projects/cryptographic-module-validation-program
Unofficial FedRAMP Guidance: The encryption module used must be FIPS 140-2 validated.
Assessment Evidence:
Artifacts (e.g. configuration settings) that show the type of encryption in use for network communications during nonlocal maintenance procedures.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD