CCI-004898
CCI-004898 Definition
| Status | |
| Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if:
- asymmetric cryptographic keys are produced using [SC-12(03)_ODP; one of the following PARAMETER VALUES is selected: {NSA-approved key management technology and processes; prepositioned keying material; DoD-approved or DoD-issued Medium Assurance PKI certificates; DoD-approved or DoD-issued Medium Hardware Assurance PKI certificates and hardware security tokens that protect the user's private key; certificates issued in accordance with organization-defined requirements}].
- asymmetric cryptographic keys are controlled using [SC-12(03)_ODP; one of the following PARAMETER VALUES is selected: {NSA-approved key management technology and processes; prepositioned keying material; DoD-approved or DoD-issued Medium Assurance PKI certificates; DoD-approved or DoD-issued Medium Hardware Assurance PKI certificates and hardware security tokens that protect the user's private key; certificates issued in accordance with organization-defined requirements}].
- asymmetric cryptographic keys are distributed using [SC-12(03)_ODP; one of the following PARAMETER VALUES is selected: {NSA-approved key management technology and processes; prepositioned keying material; DoD-approved or DoD-issued Medium Assurance PKI certificates; DoD-approved or DoD-issued Medium Hardware Assurance PKI certificates and hardware security tokens that protect the user's private key; certificates issued in accordance with organization-defined requirements}].
Validation Procedures
Examine: [SELECT FROM: System and communications protection policy; procedures addressing cryptographic key establishment and management; system design documentation; system configuration settings and associated documentation; system audit records; list of NSA-approved cryptographic products; list of approved PKI Class 3 and Class 4 certificates; system security plan; other relevant documents or records].

Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel with responsibilities for cryptographic key establishment or management; organizational personnel with responsibilities for PKI certificates].

Test: [SELECT FROM: Mechanisms supporting and/or implementing asymmetric cryptographic key establishment and management].