SC-12(3): Asymmetric Keys

Control Family:

System And Communications Protection

Parent Control:

SC-12: Cryptographic Key Establishment And Management

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.DS-1
PR.DS-2

Threats Addressed:

Tampering
Information Disclosure

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SC-12(3): Asymmetric Keys

Control Statement

The organization produces, controls, and distributes asymmetric cryptographic keys using [Selection: NSA-approved key management technology and processes; approved PKI Class 3 certificates or prepositioned keying material; approved PKI Class 3 or Class 4 certificates and hardware security tokens that protect the user’s private key].