CCI-002447
CCI-002447 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed implements a process to control asymmetric cryptographic keys using: NSA-approved key management technology and processes; approved PKI medium certificates or prepositioned keying material; or, approved PKI medium or FORTEZZA certificates and hardware security tokens that protect the user's private key.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines any applicable evidence of asymmetric cryptographic key control to ensure the organization being inspected/assessed controls asymmetric cryptographic keys using: NSA-approved key management technology and processes; approved PKI medium certificates or prepositioned keying material; or, approved PKI medium or FORTEZZA certificates and hardware security tokens that protect the user's private key.
Compelling Evidence
1.) Evidence of asymmetric cryptographic key control.