CCI-002443
CCI-002443 Definition
Produce symmetric cryptographic keys using NIST FIPS-validated or NSA-approved key management technology and processes.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to produce symmetric cryptographic keys using NIST FIPS-compliant or NSA-approved key management technology and processes. An example process would be implementation of Key Management Infrastructure (KMI). DoD requires a minimum of NIST approved cryptography for unclassified systems. Classified systems require NSA approved cryptography.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed produces appropriate symmetric cryptographic keys using NIST FIPS-compliant or NSA-approved key management technology and processes.
Compelling Evidence
1.) Signed and dated System Security Plan (SSP).