Description
For information requiring cryptographic protection, the information system implements cryptographic mechanisms that comply with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance.\n
Supplemental Guidance
The applicable federal standard for employing cryptography in nonnational security information systems is FIPS 140-2 (as amended). Validation certificates issued by the NIST Cryptographic Module Validation Program (including FIPS 140-1, FIPS 140-2, and future amendments) remain in effect and the modules remain available for continued use and purchase until a validation certificate is specifically revoked. NIST Special Publications 800-56 and 800-57 provide guidance on cryptographic key establishment and cryptographic key management. Additional information on the use of validated cryptography is available at http://csrc.nist.gov/cryptval.\n
Changes from Rev 4
Control text adds 'need to determine cryptographic protection in addition to implementing' Single previous parameter split into two separate parameters: Determine the specific cryptographic uses and types of cryptography for each specified cryptographic use
Enhancements
(0) None.\n