catalog: SP800-53rev3 / class: Technical / family: (SC) System and Communications Protection

  SC-12: Cryptographic Key Establishment and Management  

base control objective:
The organization establishes and manages cryptographic keys for required cryptography employed within the information system.

supplemental objective information:
Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures.

enhancements to the base objective:

(1) The organization maintains availability of information in the event of the loss of cryptographic keys by users.

(2) The organization produces, controls, and distributes symmetric cryptographic keys using [Selection: NIST-approved, NSA-approved] key management technology and processes.

(3) The organization produces, controls, and distributes symmetric and asymmetric cryptographic keys using NSA-approved key management technology and processes.

(4) The organization produces, controls, and distributes asymmetric cryptographic keys using approved PKI Class 3 certificates or prepositioned keying material.

(5) The organization produces, controls, and distributes asymmetric cryptographic keys using approved PKI Class 3 or Class 4 certificates and hardware security tokens that protect the user’s private key.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base (1)  

related (regimented) controls:

None.

documents referenced in SP800-53rev3 for SC-12:

| Document | Date | Status | Title |
|---|---|---|---|
| FIPS 140-1 | January, 1994 | current | Security Requirements for Cryptographic Modules |
| FIPS 140-2 | May, 2001 | current | Security Requirements for Cryptographic Modules |
| NIST SP800-113 | July, 2008 | current | Guide to SSL VPNs |
| NIST SP800-12 | October, 1995 | current | An Introduction to Computer Security: The NIST Handbook |
| NIST SP800-21 | December, 2005 | current | Guideline for Implementing Cryptography in the Federal Government |
| NIST SP800-52 | June, 2005 | current | Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations |
| NIST SP800-56a | March, 2006 | current | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography |
| NIST SP800-57, part1 | August, 2005 | current | Recommendation for Key Management, part 1 |
| NIST SP800-57, part2 | August, 2005 | current | Recommendation for Key Management, part 2 |
| NIST SP800-58 | January, 2005 | current | Security Considerations for Voice Over IP Systems |
| NIST SP800-73-part2 | February, 2010 | current | Interfaces for Personal Identity Verification |
| NIST SP800-77 | December, 2005 | current | Guide to IPsec VPNs |
| NIST SP800-97 | SP800-97 | DRAFT | Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i |
