SC-12 Cryptographic Key Establishment And Management
System and Communications Protection
Low Moderate High
Description
When cryptography is required and employed within the information system, the organization establishes and manages cryptographic keys using automated mechanisms with supporting procedures or manual procedures.\n
Supplemental Guidance
NIST Special Publication 800-56 provides guidance on cryptographic key establishment. NIST Special Publication 800-57 provides guidance on cryptographic key management.\n
Enhancements
(0) None.\n
Compliance Mappings
SOC 2 TSC
CC6.1CC6.1-POF10CC6.1-POF11
ISO 17799 (legacy)
12.3.112.3.2
COBIT 4.1 (legacy)
DS5.8