CM-3(6): Cryptography Management

Control Family:

Configuration Management

Parent Control:

CM-3: Configuration Change Control

CSF v1.1 References:

PR.IP-1
PR.IP-3
DE.CM-1
DE.CM-7

Threats Addressed:

Tampering
Elevation of Privilege

Baselines:

High

Previous Version:

NIST Special Publication 800-53 Revision 4:
CM-3(6): Cryptography Management

Control Statement

Ensure that cryptographic mechanisms used to provide the following controls are under configuration management: [Assignment: organization-defined controls].

Supplemental Guidance

The controls referenced in the control enhancement refer to security and privacy controls from the control catalog. Regardless of the cryptographic mechanisms employed, processes and procedures are in place to manage those mechanisms. For example, if system components use certificates for identification and authentication, a process is implemented to address the expiration of those certificates.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5