800-53|SC-11

Title

TRUSTED PATH

Description

The information system establishes a trusted communications path between the user and the following security functions of the system: [Assignment: organization-defined security functions to include at a minimum, information system authentication and re-authentication].

Supplemental

Trusted paths are mechanisms by which users (through input devices) can communicate directly with security functions of information systems with the requisite assurance to support information security policies. The mechanisms can be activated only by users or the security functions of organizational information systems. User responses via trusted paths are protected from modifications by or disclosure to untrusted applications. Organizations employ trusted paths for high-assurance connections between security functions of information systems and users (e.g., during system logons). Enforcement of trusted communications paths is typically provided via an implementation that meets the reference monitor concept.

Reference Item Details

Related: AC-16, AC-25

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P0

Audit Items

Name | Plugin | Audit Name
1.4 Set 'External send connector authentication: DNS Routing' to 'True' | Windows | CIS Microsoft Exchange Server 2016 Edge v1.0.0
1.4 Set 'External send connector authentication: DNS Routing' to 'True' | Windows | CIS Microsoft Exchange Server 2013 Edge v1.1.0
2.2.8 Ensure 'External send connector authentication: DNS routing' is set to 'True' | Windows | CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
CD12-00-010100 - PostgreSQL must require users to reauthenticate when organization-defined circumstances or situations require reauthentication. | PostgreSQLDB | DISA STIG Crunchy Data PostgreSQL DB v3r1
EPAS-00-008800 - The EDB Postgres Advanced Server must require users to reauthenticate when organization-defined circumstances or situations require reauthentication. | PostgreSQLDB | EnterpriseDB PostgreSQL Advanced Server DB v2r1
PHTN-40-000133 - The Photon operating system must require users to reauthenticate for privilege escalation. | Unix | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1
SPLK-CL-000180 - Splunk Enterprise idle session timeout must be set to not exceed 15 minutes. | Splunk | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API
WBLC-08-000211 - Oracle WebLogic must establish a trusted communications path between the user and organization-defined security functions within the information system - Listen Port | Unix | Oracle WebLogic Server 12c Linux v2r1 Middleware
WBLC-08-000211 - Oracle WebLogic must establish a trusted communications path between the user and organization-defined security functions within the information system - Listen Port | Unix | Oracle WebLogic Server 12c Linux v2r1
WBLC-08-000211 - Oracle WebLogic must establish a trusted communications path between the user and organization-defined security functions within the information system - Listen Port | Windows | Oracle WebLogic Server 12c Windows v2r1
WBLC-08-000211 - Oracle WebLogic must establish a trusted communications path between the user and organization-defined security functions within the information system - SSL Listen Port | Unix | Oracle WebLogic Server 12c Linux v2r1 Middleware
WBLC-08-000211 - Oracle WebLogic must establish a trusted communications path between the user and organization-defined security functions within the information system - SSL Listen Port | Unix | Oracle WebLogic Server 12c Linux v2r1
WBLC-08-000211 - Oracle WebLogic must establish a trusted communications path between the user and organization-defined security functions within the information system - SSL Listen Port | Windows | Oracle WebLogic Server 12c Windows v2r1
WN10-CC-000145 - Users must be prompted for a password on resume from sleep (on battery). | Windows | DISA Windows 10 STIG v3r2
WN10-CC-000150 - The user must be prompted for a password on resume from sleep (plugged in). | Windows | DISA Windows 10 STIG v3r2
WN10-CC-000355 - The Windows Remote Management (WinRM) service must not store RunAs credentials. | Windows | DISA Windows 10 STIG v3r2
WPAW-00-001700 - The Windows PAW must use a trusted channel for all connections between a PAW and IT resources managed from the PAW. | Windows | DISA MS Windows Privileged Access Workstation v3r1