SC-8: Transmission Confidentiality And Integrity
Generated
2019-05-20 15:48:11.984914
Status
Statements
The information system protects the [Selection (one or more): confidentiality; integrity] of transmitted information.
STIG
| STIG # | Description | Result |
|---|---|---|
| V-72895 | PostgreSQL must maintain the confidentiality and integrity of information during reception. | failed |
| V-72981 | PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission. | failed |
Additional Guidance
This control applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. Protecting the confidentiality and/or integrity of organizational information can be accomplished by physical means (e.g., by employing protected distribution systems) or by logical means (e.g., employing encryption techniques). Organizations relying on commercial providers offering transmission services as commodity services rather than as fully dedicated services (i.e., services which can be highly specialized to individual customer needs), may find it difficult to obtain the necessary assurances regarding the implementation of needed security controls for transmission confidentiality/integrity. In such situations, organizations determine what types of confidentiality/integrity services are available in standard, commercial telecommunication service packages. If it is infeasible or impractical to obtain the necessary security controls and assurances of control effectiveness through appropriate contracting vehicles, organizations implement appropriate compensating security controls or explicitly accept the additional risk.