SC-12(3): Asymmetric Keys

Control Family:

System and Communications Protection

Parent Control:

SC-12: Cryptographic Key Establishment and Management

Threats Addressed:

Tampering
Information Disclosure

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SC-12(3): Asymmetric Keys

Control Statement

Produce, control, and distribute asymmetric cryptographic keys using [Assignment: NSA-approved key management technology and processes, prepositioned keying material, DoD-approved or DoD-issued Medium Assurance PKI certificates, DoD-approved or DoD-issued Medium Hardware Assurance PKI certificates and hardware security tokens that protect the user’s private key, certificates issued in accordance with organization-defined requirements].

Supplemental Guidance

SP 800-56A, SP 800-56B, and SP 800-56C provide guidance on cryptographic key establishment schemes and key derivation methods. SP 800-57-1, SP 800-57-2, and SP 800-57-3 provide guidance on cryptographic key management.