CCI-001139

Implementation Guidance

Determine if information availability is maintained in the event of the loss of cryptographic keys by users.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing cryptographic key establishment, management, and recovery; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel with responsibilities for cryptographic key establishment or management]. Test: [SELECT FROM: Mechanisms supporting and/or implementing cryptographic key establishment and management].