NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-13(4) Digital Signatures

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

Use digital signatures to verify the authenticity and integrity of critical data, software, and communications. A valid signature proves the data came from a known source and has not been tampered with.

Example 1: Require code signing for all internally developed scripts and executables. Use a code signing certificate from your internal CA to sign PowerShell scripts, and configure a GPO to only allow signed scripts to run (Set-ExecutionPolicy AllSigned).
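The following is an added walk-through of the signing and verification step in Example 1, written for this page rather than taken from NIST or any vendor documentation. It signs a script with Set-AuthenticodeSignature, verifies the signature with Get-AuthenticodeSignature, and then shows what verification reports once the signed file has been modified. The certificate is a self-signed test certificate created so the script runs on any workstation; this is an assumption made for the demo, and in production the signing certificate comes from your internal CA (for example via `Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert`). The file names and subject name are illustrative.

```powershell
# Added example for SC-13(4) (not from the control page): sign a PowerShell script,
# verify the signature, then verify a modified copy to see the integrity check fail.
#
# ASSUMPTION: $cert is a self-signed stand-in for an internal-CA code-signing
# certificate. Because its chain is not trusted on this machine, verification of
# the untouched file reports UnknownError (untrusted root) rather than Valid;
# with a trusted internal-CA certificate the same call reports Valid.

$work = Join-Path $env:TEMP 'sc13-demo'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# 1. Obtain a code-signing certificate (self-signed stand-in; see assumption above).
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=SC13 Demo Code Signing (test only)' `
    -CertStoreLocation 'Cert:\CurrentUser\My'

# 2. Create a script to sign.
$script = Join-Path $work 'deploy.ps1'
Set-Content -Path $script -Value 'Write-Output "deploying build"' -Encoding UTF8

# 3. Sign it. The cmdlet appends a "# SIG # Begin signature block" comment holding
#    a PKCS#7 signature over the SHA-256 hash of the file content.
$sig = Set-AuthenticodeSignature -FilePath $script -Certificate $cert -HashAlgorithm SHA256
"Signed by: {0}" -f $sig.SignerCertificate.Subject

# 4. Verify the unmodified file. Status is Valid when the signer's chain is
#    trusted; with the self-signed stand-in it is UnknownError (untrusted root).
$check = Get-AuthenticodeSignature -FilePath $script
"Original : {0} - {1}" -f $check.Status, $check.StatusMessage

# 5. Modify the signed file (benign edit) and verify again. The embedded signature
#    no longer matches the file hash, so Status becomes HashMismatch, which is
#    exactly what an AllSigned execution policy refuses to run.
$modified = Join-Path $work 'deploy-modified.ps1'
(Get-Content $script) -replace 'deploying build', 'deploying build (edited after signing)' |
    Set-Content -Path $modified -Encoding UTF8
$check2 = Get-AuthenticodeSignature -FilePath $modified
"Modified : {0} - {1}" -f $check2.Status, $check2.StatusMessage

# 6. Clean up the demo certificate so it does not linger in the personal store.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)"
```

Two points to keep in mind when rolling this out under `Set-ExecutionPolicy AllSigned`: a valid signature is only accepted silently when the signing certificate chains to a root the endpoint trusts and the publisher is in the Trusted Publishers store (otherwise users are prompted for each script), so distribute the internal CA's code-signing issuer via GPO alongside the execution policy; and any edit to a signed script, including a whitespace change, invalidates the signature, so scripts must be re-signed as part of the release step rather than patched in place.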

Example 2: Enable S/MIME digital signatures in Outlook for emails containing sensitive directives or approvals. The recipient can verify the signature to confirm the email actually came from the stated sender and was not altered in transit.