Navigate

CCI-002441

CCI-002441 Definition

Manage cryptographic keys when cryptography employed within the system in accordance with organization-defined requirements for key access.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - cryptographic keys are established when cryptography is employed within the system in accordance with [SC-12_ODP; requirements for key generation, distribution, storage, access, and destruction are defined]. - cryptographic keys are managed when cryptography is employed within the system in accordance with [SC-12_ODP; requirements for key generation, distribution, storage, access, and destruction are defined].

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing cryptographic key establishment and management; system design documentation; cryptographic mechanisms; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel with responsibilities for cryptographic key establishment and/or management]. Test: [SELECT FROM: Mechanisms supporting and/or implementing cryptographic key establishment and management].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002441.

Control	Description
SC-12	Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [requirements for key generation, distribution, storage, access, and destruction are defined;].