SC-12(6): Physical Control of Keys

Control Family:

System and Communications Protection

Parent Control:

SC-12: Cryptographic Key Establishment and Management

Threats Addressed:

Tampering
Information Disclosure

Baselines:

(Not part of any baseline)

Control is new to this version of the control set.

Control Statement

Maintain physical control of cryptographic keys when stored information is encrypted by external service providers.

Supplemental Guidance

For organizations that use external service providers (e.g., cloud service or data center providers), physical control of cryptographic keys provides additional assurance that information stored by such external providers is not subject to unauthorized disclosure or modification.