CCI-002445

Distribute symmetric cryptographic keys using NIST FIPS-validated or NSA-approved key management technology and processes.

Implementation Guidance

Determine if: - symmetric cryptographic keys are produced using [SC-12(02)_ODP; one of the following PARAMETER VALUES is selected: {NIST FIPS-validated; NSA-approved}] key management technology and processes. - symmetric cryptographic keys are controlled using [SC-12(02)_ODP; one of the following PARAMETER VALUES is selected: {NIST FIPS-validated; NSA-approved}] key management technology and processes. - symmetric cryptographic keys are distributed using [SC-12(02)_ODP; one of the following PARAMETER VALUES is selected: {NIST FIPS-validated; NSA-approved}] key management technology and processes.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing cryptographic key establishment and management; system design documentation; system configuration settings and associated documentation; system audit records; list of FIPS-validated cryptographic products; list of NSA-approved cryptographic products; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel with responsibilities for cryptographic key establishment or management]. Test: [SELECT FROM: Mechanisms supporting and/or implementing symmetric cryptographic key establishment and management].

The controls below (if any) were marked by NIST as being related to CCI-002445.