SC-37(1)—Ensure Delivery And Transmission
>Control Description
Employ ⚙organization-defined controls to ensure that only ⚙organization-defined individuals or systems receive the following information, system components, or devices: ⚙organization-defined information, system components, or devices.
>Cross-Framework Mappings
>Supplemental Guidance
Techniques employed by organizations to ensure that only designated systems or individuals receive certain information, system components, or devices include sending authenticators via an approved courier service but requiring recipients to show some form of government-issued photographic identification as a condition of receipt.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of ensure delivery and transmission?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-37(1)?
Technical Implementation:
- •How is ensure delivery and transmission technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that ensure delivery and transmission remains effective as the system evolves?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-37(1)?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
Ask AI
Configure your API key to use AI features.