SC.L2-3.13.15—Communications Authenticity
Level 2
800-171: 3.13.15
Control Description
Protect the authenticity of communications sessions.
Cross-Framework Mappings
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your policy for protecting communications session authenticity?
- What technologies do you use to ensure session authenticity?
- How do you verify that communications are protected against session hijacking?
- Who is responsible for implementing session protection mechanisms?
Technical Implementation:
- What cryptographic protocols protect session authenticity (TLS with mutual auth)?
- What technologies prevent session hijacking?
- What mechanisms verify session integrity?
- What tools detect man-in-the-middle attacks?
- What session tokens or cookies provide authenticity?
Evidence & Documentation:
- What network diagrams show boundary protection architecture?
- What firewall rule sets and configurations can you provide?
- What encryption implementation documentation shows FIPS-validated crypto?
- What key management procedures can you provide?
- What network segmentation documentation shows proper separation?
- What evidence shows cryptographic mechanisms protect CUI?
- What configuration documentation shows security controls are properly implemented?