Skip to main content

💼 SC-23 Session Authenticity (M)(H)

  • ID: /frameworks/fedramp-high-security-controls/sc/23

Description

Protect the authenticity of communications sessions.

Similar

  • Sections
    • /frameworks/nist-sp-800-53-r5/sc/23
  • Internal
    • ID: dec-c-ec7c216d

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST SP 800-53 Revision 5 → 💼 SC-23 Session Authenticity57no data

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 FedRAMP Moderate Security Controls → 💼 SC-23 Session Authenticity (M)(H)13no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (13)

PolicyLogic CountFlagsCompliance
🛡️ AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution does not encrypt traffic to Custom Origins🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses default SSL/TLS certificate🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses Dedicated IP for SSL🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins🟢1🟢 x6no data
🛡️ AWS DMS Endpoint doesn't use SSL🟢1🟢 x6no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢1🟢 x6no data
🛡️ Azure App Service FTP deployments are not disabled🟢1🟢 x6no data
🛡️ Azure App Service HTTPS Only configuration is not enabled🟢1🟢 x6no data
🛡️ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-14f5fc251
✉️ dec-x-75db76ad1
✉️ dec-x-791dab131
✉️ dec-x-3181f3591
✉️ dec-x-995424b72
✉️ dec-x-c0a7793e1
✉️ dec-x-d5fbfc401