SC-12(1): Availability

Control Family:

System and Communications Protection

Parent Control:

SC-12: Cryptographic Key Establishment and Management

Threats Addressed:

Denial of Service

Baselines:

High

Previous Version:

NIST Special Publication 800-53 Revision 4:
SC-12(1): Availability

Control Statement

Maintain availability of information in the event of the loss of cryptographic keys by users.

Supplemental Guidance

Escrowing of encryption keys is a common practice for ensuring availability in the event of key loss. A forgotten passphrase is an example of losing a cryptographic key.