Information Technology Reference
In-Depth Information
Category/
Subcategory/
Element
Control
Reference
Control Summary
Interpretation
SC-13
Use of cryptography
For information requiring
cryptographic protection, the
information system implements
cryptographic mechanisms that
comply with applicable laws,
executive orders, directives,
policies, regulations, standards,
and guidance.
SC-14
Public access
protections
The information system protects
the integrity and availability of
publicly available information and
applications.
SC-15
Collaborative
computing
The information system prohibits
remote activation of collaborative
computing mechanisms and
provides an explicit indication of
use to the local users.
SC-16
Transmission of
security parameters
The information system reliably
associates security parameters
with information exchanged
between information systems.
SC-17
Public key
infrastructure
certificates
The organization issues public key
certificates under an appropriate
certificate policy or obtains public
key certificates under an
appropriate certificate policy from
an approved service provider.
SC-18
Mobile code
The organization: (i) establishes
usage restrictions and
implementation guidance for
mobile code technologies based
on the potential to cause damage
to the information system if used
maliciously; and (ii) authorizes,
monitors, and controls the use of
mobile code within the
information system.
