CCI-002436

The organization establishes cryptographic keys for required cryptography employed within the information system in accordance with organization-defined requirements for key access.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to establish cryptographic keys for required cryptography employed within the information system in accordance with requirements for key access defined in DoDI 8520.02 "Public Key Infrastructure and Public Key Enabling" and DoDI 8520.03 "Identity Authentication for Information Systems." DoD has defined the requirements for key access as requirements for key access defined in DoDI 8520.02 "Public Key Infrastructure and Public Key Enabling" and DoDI 8520.03 "Identity Authentication for Information Systems.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed establishes cryptographic keys for required cryptography employed within the information system in accordance with requirements for key access defined in DoDI 8520.02 "Public Key Infrastructure and Public Key Enabling" and DoDI 8520.03 "Identity Authentication for Information Systems." DoD has defined the requirements for key access as requirements for key access defined in DoDI 8520.02 "Public Key Infrastructure and Public Key Enabling" and DoDI 8520.03 "Identity Authentication for Information Systems.

Compelling Evidence

1.) Signed and dated system protection policy. 2.) Communications protection policy (reference encryption section). 3.) Key requirements used for key generation aligned with DoDI 8520.02 "Public Key Infrastructure and Public Key Enabling" and DoDI 8520.03 "Identity Authentication for Information Systems.

The controls below (if any) were marked by NIST as being related to CCI-002436.