Navigate

CCI-002431

CCI-002431 Definition

The organization defines the requirements for cryptographic key access to be employed within the information system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the requirements for key access as requirements for key access defined in DoDI 8520.02 "Public Key Infrastructure and Public Key Enabling" and DoDI 8520.03 "Identity Authentication for Information Systems.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the requirements for key access as requirements for key access defined in DoDI 8520.02 "Public Key Infrastructure and Public Key Enabling" and DoDI 8520.03 "Identity Authentication for Information Systems.

Compelling Evidence

Automatically compliant per DoDI 8520.02 and DoDI 8520.03.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002431.

Control	Description
SC-12	The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction].