NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-4(10) Visibility of Encrypted Communications

Make provisions so that {{ insert: param, si-04.10_odp.01 }} is visible to {{ insert: param, si-04.10_odp.02 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Organizations balance the need to encrypt communications traffic to protect data confidentiality with the need to maintain visibility into such traffic from a monitoring perspective. Organizations determine whether the visibility requirement applies to internal encrypted traffic, encrypted traffic intended for external destinations, or a subset of the traffic types.

Practitioner Notes

Maintain visibility into encrypted communications to the extent necessary for monitoring. Encryption can hide malicious activity if you cannot inspect the decrypted traffic.

Example 1: Deploy TLS inspection (SSL decryption) on your web proxy or next-gen firewall. The proxy decrypts HTTPS traffic, inspects it for threats, and re-encrypts it. This lets you see inside encrypted web traffic without users noticing any difference.
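As an added illustration (not part of the NIST text or this page's notes), the Python below audits a decrypting proxy's log against an organization-defined scope (internal, external, or all traffic) and its exemptions, flagging both visibility gaps (in-scope traffic that was passed through undecrypted) and over-inspection (exempt traffic that was decrypted). The scope value, address ranges, category names, hostnames and log records are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Assumed organization-defined parameters (placeholders, not values from NIST).
SCOPE = "external"                              # which encrypted traffic must be visible
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
BYPASS_CATEGORIES = {"banking", "healthcare"}   # privacy exemptions, never decrypted
PINNED_HOSTS = {"agent.edr-vendor.test"}        # certificate-pinned clients would break

@dataclass(frozen=True)
class Flow:
    dst_ip: str
    sni: str
    category: str
    action: str   # what the proxy did: "bump" (decrypted) or "splice" (passed through)

def in_scope(dst_ip: str) -> bool:
    """Apply the scope choice: internal destinations, external ones, or all."""
    internal = any(ipaddress.ip_address(dst_ip) in n for n in INTERNAL_NETS)
    return SCOPE == "all" or (SCOPE == "internal") == internal

def expected_action(flow: Flow) -> str:
    """Policy: decrypt in-scope traffic except exempt categories and pinned hosts."""
    if not in_scope(flow.dst_ip):
        return "splice"
    if flow.category in BYPASS_CATEGORIES or flow.sni in PINNED_HOSTS:
        return "splice"
    return "bump"

def audit(flows):
    """Compare observed proxy actions with policy; return (gaps, overreach) by SNI."""
    gaps, overreach = [], []
    for f in flows:
        want = expected_action(f)
        if want == "bump" and f.action != "bump":
            gaps.append(f.sni)        # should have been inspected but was not
        elif want == "splice" and f.action == "bump":
            overreach.append(f.sni)   # decrypted although the policy exempts it
    return gaps, overreach

# Constructed sample proxy log, not real data.
SAMPLE = [
    Flow("203.0.113.10", "www.example.com", "news", "bump"),
    Flow("203.0.113.20", "bank.example.net", "banking", "bump"),      # overreach
    Flow("203.0.113.30", "cdn.example.org", "software", "splice"),    # visibility gap
    Flow("203.0.113.40", "agent.edr-vendor.test", "security", "splice"),
    Flow("10.1.2.3", "intranet.corp.test", "internal", "splice"),     # out of scope
]

if __name__ == "__main__":
    print(audit(SAMPLE))   # (['cdn.example.org'], ['bank.example.net'])
```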

Example 2: For internal traffic, use endpoint-based monitoring (EDR) that can see data before encryption and after decryption. The EDR agent on the endpoint sees the plaintext data even when the network traffic is encrypted, providing visibility without breaking encryption in transit.