SC-28(3)

SC-28(3): Cryptographic Keys

Provide protected storage for cryptographic keys [one of "{{ insert: param, sc-28.03_odp.02 }} "/"hardware-protected key store"].

A Trusted Platform Module (TPM) is an example of a hardware-protected data store that can be used to protect cryptographic keys.

Overlays
DAF Baseline, Privacy (high), Privacy (moderate)

CSF Categories
None

The controls below (if any) were marked by NIST as being related to SC-28(3).

Control	Description
SC-12	Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [requirements for key generation, distribution, storage, access, and destruction are defined;].
SC-13	a: Determine the [cryptographic uses are defined;] ; and b: Implement the following types of cryptography required for each specified cryptographic use: [types of cryptography for each specified cryptographic use are defined;].

The controls below (if any) add on to the requirements of SC-28(3).

Control	Description
No controls

The CCIs below are tied to SC-28(3).

CCI	Definition
CCI-004910	Provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store.
CCI-004911	Defines the safeguards for providing protected storage for cryptographic keys.