NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-37(1) — Ensure Delivery and Transmission
Employ [Assignment: organization-defined controls] to ensure that only [Assignment: organization-defined individuals or systems] receive the following information, system components, or devices: [Assignment: organization-defined information, system components, or devices].
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
Techniques employed by organizations to ensure that only designated systems or individuals receive certain information, system components, or devices include sending authenticators via an approved courier service but requiring recipients to show some form of government-issued photographic identification as a condition of receipt.
Practitioner Notes
Verify delivery and transmission through out-of-band channels to ensure the information actually reached the intended recipient.
Example 1: When delivering a new encryption key via courier, require a signed receipt from the recipient. Follow up with a phone call to confirm the key was received and verify the key fingerprint over the phone.
Example 2: When sending critical security patches via removable media to an air-gapped system, verify the SHA-256 hash of the files with the recipient over a separate phone call to confirm the media was not tampered with during transit.
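The hash check in Example 2, as an added Python example that is not part of the original page: the sender reduces the media contents to one fingerprint to read over the phone, and the recipient recomputes it and, given the sender's manifest, lists what changed on a mismatch. The function names, the four-digit grouping and the sample files are assumptions constructed for illustration.

```python
# Added example: names, grouping format and sample files are constructed.
import hashlib, hmac, tempfile
from pathlib import Path

def file_sha256(path):
    """Stream a file through SHA-256 so large patch bundles fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Relative path -> SHA-256 for every regular file on the media."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in root.rglob("*") if p.is_file()}

def fingerprint(manifest):
    """One digest over all names and hashes (NUL-separated, so unambiguous)."""
    h = hashlib.sha256()
    for name in sorted(manifest):
        h.update(name.encode() + b"\0" + bytes.fromhex(manifest[name]))
    return h.hexdigest()

def spoken(fp, group=4):
    """Group hex digits so they are easy to read over the phone."""
    return " ".join(fp[i:i + group] for i in range(0, len(fp), group))

def verify_media(root, heard):
    """Recipient side: recompute and compare with the value heard by phone."""
    expected = "".join(heard.split()).lower()
    return hmac.compare_digest(fingerprint(build_manifest(root)), expected)

def diff(sent, received):
    """Given the sender's manifest, name what changed in transit."""
    both = sent.keys() & received.keys()
    return {"modified": sorted(n for n in both if sent[n] != received[n]),
            "missing": sorted(sent.keys() - received.keys()),
            "extra": sorted(received.keys() - sent.keys())}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample media
        (Path(d) / "patch-001.bin").write_bytes(b"constructed patch payload")
        sent = build_manifest(d)
        heard = spoken(fingerprint(sent))
        print("read aloud:", heard, "| intact:", verify_media(d, heard))
        (Path(d) / "added.txt").write_bytes(b"added in transit")
        print("tampered:", verify_media(d, heard), diff(sent, build_manifest(d)))
```

Because the fingerprint covers file names as well as contents, a file added to or removed from the media changes the value even when every original file is intact.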