SC-16: TRANSMISSION OF SECURITY ATTRIBUTES

NOT SELECTED FOR INDUSTRIAL CONTROL SYSTEMS

The information system associates [Assignment: organization-defined security attributes] with information exchanged between information systems and between system components.

SUPPLEMENTAL GUIDANCE

Security attributes can be explicitly or implicitly associated with the information contained in organizational information systems or system components.

CONTROL ENHANCEMENTS

SC-16 (1) TRANSMISSION OF SECURITY ATTRIBUTES | INTEGRITY VALIDATION

The information system validates the integrity of transmitted security attributes.

Supplemental Guidance:

This control enhancement ensures that the verification of the integrity of transmitted information includes security attributes.

RELATED CONTROLS: SC-16 (1)

• AU-10 — AUDIT AND ACCOUNTABILITY | NON-REPUDIATION
• SC-8 — SYSTEM AND COMMUNICATIONS PROTECTION | TRANSMISSION CONFIDENTIALITY AND INTEGRITY

REFERENCES:

• NIST Special Publication 800-82 | GUIDE TO INDUSTRIAL CONTROL SYSTEMS (ICS) SECURITY