Control: When cryptography is required and employed within the information system, the organization establishes and manages cryptographic keys using automated mechanisms with supporting procedures or manual procedures.
Supplemental Guidance: NIST Special Publication 800-56 provides guidance on cryptographic key establishment. NIST Special Publication 800-57 provides guidance on cryptographic key management.
Control Enhancements: (0) None.
Baseline: LOW Not Selected MOD SC-12 HIGH SC-12
Family: System And Communications Protection
ISO 17799 mapping: 12.3.1, 12.3.2
COBIT 4.1 mapping: DS5.8
PCI-DSS v2 mapping: 3.5, 3.6, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8