Navigate

CCI-005156

CCI-005156 Definition

Cryptographic keys that protect access tokens are generated, managed, and protected from disclosure and misuse.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if:- cryptographic keys that protect access tokens are generated;- cryptographic keys that protect access tokens are managed;- cryptographic keys that protect access tokens are managed; and- cryptographic keys that protect access tokens are managed.

Validation Procedures

Examine: [SELECT FROM: Identification and authentication policy; procedures addressing cryptographic key establishment and management; system design documentation; cryptographic mechanisms; system configuration settings and associated documentation; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel with responsibilities for cryptographic key establishment and/or management]. Test: [SELECT FROM: Organizational processes for cryptographic key management; cryptographic modules generating, storing, and using cryptographic keys].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-005156.

Control	Description
IA-13(1)	Cryptographic keys that protect access tokens are generated, managed, and protected from disclosure and misuse.