SC-12(1): Availability

Threats Addressed:


  • High

Previous Version:

Control Statement

Maintain availability of information in the event of the loss of cryptographic keys by users.

Supplemental Guidance

Escrowing of encryption keys is a common practice for ensuring availability in the event of key loss. A forgotten passphrase is an example of losing a cryptographic key.