Organizational Control: Public Key Infrastructure Certificates
| Control ID: SC-17 Public Key Infrastructure Certificates | Family: System and Communications Protection | Source: NIST 800-53r4 |
| Control: The organization issues public key certificates under an [Assignment: organization-defined certificate policy] or obtains public key certificates from an approved service provider. | ||
| Supplemental Guidance: For all certificates, organizations manage information system trust stores to ensure only approved trust anchors are in the trust stores. This control addresses both certificates with visibility external to organizational information systems and certificates related to the internal operations of systems, for example, application-specific time services. Related Controls: SC-12 |
||
| Control Enhancements: N/A | ||
| References: OMB Memorandum 05-24; NIST Special Publications 800-32, 800-63. | ||
| Mechanisms: | ||
| Protocol Implementation Conformance Statements: N/A | ||