Navigate

CCI-002449

CCI-002449 Definition

Defines the cryptographic uses, and type of cryptography required for each use, to be implemented by the system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if [SC-13_ODP[02]; types of cryptography for each specified cryptographic use are defined] for each specified cryptographic use (defined in SC-13_ODP[01]) are implemented.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing cryptographic protection; system design documentation; system configuration settings and associated documentation; cryptographic module validation certificates; list of FIPS-validated cryptographic modules; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel with responsibilities for cryptographic protection]. Test: [SELECT FROM: Mechanisms supporting and/or implementing cryptographic protection].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002449.

Control	Description
SC-13	a: Determine the [cryptographic uses are defined;] ; and b: Implement the following types of cryptography required for each specified cryptographic use: [types of cryptography for each specified cryptographic use are defined;].