Skip to main content

💼 SC-23 Session Authenticity (M)(H)

Contextual name: 💼 SC-23 Session Authenticity (M)(H)
ID: /frameworks/fedramp-moderate-security-controls/sc/23
Located in: 💼 System and Communications Protection

Description

Protect the authenticity of communications sessions.

Similar

Sections
- /frameworks/fedramp-high-security-controls/sc/23
Internal
- ID: dec-c-ec7c216d

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP High Security Controls → 💼 SC-23 Session Authenticity (M)(H)		7	13

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (13)

Policy	Logic Count	Flags
📝 AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution does not encrypt traffic to Custom Origins 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution uses default SSL/TLS certificate 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution uses Dedicated IP for SSL 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins 🟢	1	🟢 x6
📝 AWS DMS Endpoint doesn't use SSL 🟢	1	🟢 x6
📝 AWS S3 Bucket Policy is not set to deny HTTP requests 🟢	1	🟢 x6
📝 Azure App Service FTP deployments are not disabled 🟢	1	🟢 x6
📝 Azure App Service HTTPS Only configuration is not enabled 🟢	1	🟢 x6
📝 Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled 🟢	1	🟢 x6

Description
Similar
Similar Sections (Take Policies From)
Sub Sections
Policies (13)