SC-17: PUBLIC KEY INFRASTRUCTURE CERTIFICATES

TAILORED FOR INDUSTRIAL CONTROL SYSTEMS

ICS Control Baselines:
Moderate
High

The organization issues public key certificates under an [Assignment: organization-defined certificate policy] or obtains public key certificates from an approved service provider.

SUPPLEMENTAL GUIDANCE

For all certificates, organizations manage information system trust stores to ensure only approved trust anchors are in the trust stores. This control addresses both certificates with visibility external to organizational information systems and certificates related to the internal operations of systems, for example, application-specific time services.

ICS SUPPLEMENTAL GUIDANCE

No ICS Supplemental Guidance.

SC-12 — SYSTEM AND COMMUNICATIONS PROTECTION | CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT

CONTROL ENHANCEMENTS

NO CONTROL ENHANCEMENTS

REFERENCES:

NIST Special Publication 800-32
NIST Special Publication 800-63
OMB Memorandum 05-24