Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

sc-11

trusted path

assessment objective:

Determine if:

sc-11[1]

the organization defines security functions of the information system;

sc-11[2]

the organization-defined security functions include at a minimum, information system authentication and re-authentication; and

sc-11[3]

the information system establishes a trusted communications path between the user and the organization-defined security functions of the system.

potential assessment methods and objects:

Examine: [select from: System and communications protection policy; procedures addressing trusted communications paths; security plan; information system design documentation; information system configuration settings and associated documentation; assessment results from independent, testing organizations; information system audit records; other relevant documents or records].

Interview: [select from: System/network administrators; organizational personnel with information security responsibilities; system developer].

Test: [select from: Automated mechanisms supporting and/or implementing trusted communications paths].