>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SC-17Public Key Infrastructure Certificates

PBMM (P3)
Secret (P3)
Technical

>Control Description

(A) The organization issues public key certificates under an organization-defined certificate policy or obtains public key certificates from an approved service provider.

>Supplemental Guidance

For all certificates, organizations manage information system trust stores to ensure only approved trust anchors are in the trust stores. This control addresses both certificates with visibility external to organizational information systems and certificates related to the internal operations of systems, for example, application-specific time services. Related control: SC-12

>Tailoring Guidance

This security control ensures that public key certificates are issued from an appropriate GC Certification Authority.

Ask AI

Configure your API key to use AI features.