CCI-002445
CCI-002445 Definition
Distribute symmetric cryptographic keys using NIST FIPS-validated or NSA-approved key management technology and processes.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to distribute symmetric cryptographic keys using NIST FIPS-compliant or NSA-approved key management technology and processes. DoD requires a minimum of NIST approved cryptography for unclassified systems. Classified systems require NSA approved cryptography.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed distributes appropriate symmetric cryptographic keys using NIST FIPS-compliant or NSA-approved key management technology and processes.
Compelling Evidence
1.) Signed and dated System Security Plan (SSP).