SC-8(2)—Transmission Confidentiality and Integrity | Pre- and Post-transmission Handling

IL5

IL6

>Control Description

Maintain the [Selection (one or more): confidentiality; integrity] of information during preparation for transmission and during reception.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Information can be unintentionally or maliciously disclosed or modified during preparation for transmission or during reception, including during aggregation, at protocol transformation points, and during packing and unpacking. Such unauthorized disclosures or modifications compromise the confidentiality or integrity of the information.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

•What policies govern the implementation of pre- and post-transmission handling?
•How are system and communications protection requirements defined and maintained?
•Who is responsible for configuring and maintaining the security controls specified in SC-8(2)?

Technical Implementation:

•How is pre- and post-transmission handling technically implemented in your environment?
•What systems, tools, or configurations enforce this protection requirement?
•How do you ensure that pre- and post-transmission handling remains effective as the system evolves?

Evidence & Documentation:

•What documentation demonstrates the implementation of SC-8(2)?
•Can you provide configuration evidence or system diagrams showing this protection control?
•What logs or monitoring data verify that this control is functioning correctly?

Ask AI

Configure your API key to use AI features.