Control statement
Protect the authenticity of communications sessions.
Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is
preserved in the catalog database.
Covered by these Key Security Indicators
| KSI | Title | Category |
|---|---|---|
| KSI-IAM-01 | Phishing-Resistant MFA Enforce multi-factor authentication (MFA) using methods that are difficult to intercept or impersonate (phishing-resistant MFA) for all user authentication. | Identity and Access Management |
| KSI-IAM-04 | Just-in-Time Authorization Use a least-privileged, role and attribute-based, and just-in-time security authorization model for all user and non-user accounts and services. | Identity and Access Management |
| KSI-IAM-05 | Least Privilege _Persistently_ ensure that identity and access management employs measures to ensure each user or device can only access the resources they need. | Identity and Access Management |
| KSI-SVC-02 | Network Encryption Encrypt or otherwise secure network traffic. | Service Configuration |
| KSI-SVC-05 | Resource Integrity Use cryptographic methods to validate the integrity of machine-based information resources. | Service Configuration |
| KSI-SVC-09 | Communication Integrity Persistently validate the authenticity and integrity of communications between _machine-based_ _information resources_ using automation. | Service Configuration |