diff --git a/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/att/atts_sign.c b/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/att/atts_sign.c
index a566a6794b..ce0e54b963 100644
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/att/atts_sign.c
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/att/atts_sign.c
@@ -167,53 +167,69 @@ static void attsProcSignedWrite(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
   /* find attribute */
   if ((pAttr = attsFindByHandle(handle, &pGroup)) != NULL)
   {
-    /* verify permissions */
-    if (attsPermissions(pCcb->connId, ATTS_PERMIT_WRITE, handle, pAttr->permissions) != ATT_SUCCESS)
-    {
-      return;
-    }
     /* verify signed write is permitted */
-    else if ((pAttr->settings & ATTS_SET_ALLOW_SIGNED) == 0)
+    if ((pAttr->settings & ATTS_SET_ALLOW_SIGNED) == 0)
     {
       return;
     }
+
+    /* verify that csrk is present */
+    if (attsSignCcbByConnId(pCcb->pMainCcb->connId)->pCsrk == NULL) {
+      return;
+    }
+
+    /* verify basic permissions */
+    if ((pAttr->permissions & (ATTS_PERMIT_WRITE | ATTS_PERMIT_WRITE_ENC)) == 0)
+    {
+      return;
+    }
+
+    /* verify authentication */
+    if ((pAttr->permissions & ATTS_PERMIT_WRITE_AUTH) &&
+        (attsSignCcbByConnId(pCcb->pMainCcb->connId)->authenticated == 0))
+    {
+      return;
+    }
+
+    /* Note: authorization not verified at this stage as it is reserved for lesc
+       writes; authorization occurs latter when the write cb is called */
+
     /* verify write length, fixed length */
-    else if (((pAttr->settings & ATTS_SET_VARIABLE_LEN) == 0) &&
+    if (((pAttr->settings & ATTS_SET_VARIABLE_LEN) == 0) &&
              (writeLen != pAttr->maxLen))
     {
       return;
     }
+
     /* verify write length, variable length */
-    else if (((pAttr->settings & ATTS_SET_VARIABLE_LEN) != 0) &&
+    if (((pAttr->settings & ATTS_SET_VARIABLE_LEN) != 0) &&
              (writeLen > pAttr->maxLen))
     {
       return;
     }
-    else
+
+    /* allocate buffer to store packet and parameters */
+    if ((pBuf = WsfBufAlloc(sizeof(attsSignBuf_t) - 1 + len)) != NULL)
     {
-      /* allocate buffer to store packet and parameters */
-      if ((pBuf = WsfBufAlloc(sizeof(attsSignBuf_t) - 1 + len)) != NULL)
+      /* initialize buffer */
+      pBuf->pCcb = pCcb->pMainCcb;
+      pBuf->handle = handle;
+      pBuf->writeLen = writeLen;
+      pBuf->connId = pCcb->connId;
+      memcpy(pBuf->packet, (pPacket + L2C_PAYLOAD_START), len);
+
+      /* check if a signed write is already in progress */
+      pSignCcb = attsSignCcbByConnId(pCcb->connId);
+
+      if (pSignCcb->pBuf != NULL)
       {
-        /* initialize buffer */
-        pBuf->pCcb = pCcb->pMainCcb;
-        pBuf->handle = handle;
-        pBuf->writeLen = writeLen;
-        pBuf->connId = pCcb->connId;
-        memcpy(pBuf->packet, (pPacket + L2C_PAYLOAD_START), len);
-
-        /* check if a signed write is already in progress */
-        pSignCcb = attsSignCcbByConnId(pCcb->connId);
-
-        if (pSignCcb->pBuf != NULL)
-        {
-          /* signed write in progress; queue packet */
-          WsfQueueEnq(&attsSignCb.msgQueue, pBuf);
-        }
-        else
-        {
-          /* start signed data processing */
-          attsSignedWriteStart(pSignCcb, pBuf);
-        }
+        /* signed write in progress; queue packet */
+        WsfQueueEnq(&attsSignCb.msgQueue, pBuf);
+      }
+      else
+      {
+        /* start signed data processing */
+        attsSignedWriteStart(pSignCcb, pBuf);
       }
     }
   }