SC-13 Use Of Cryptography
Control: For information requiring cryptographic protection, the information system implements cryptographic mechanisms that comply with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance.
Supplemental Guidance: The applicable federal standard for employing cryptography in nonnational security information systems is FIPS 140-2 (as amended). Validation certificates issued by the NIST Cryptographic Module Validation Program (including FIPS 140-1, FIPS 140-2, and future amendments) remain in effect and the modules remain available for continued use and purchase until a validation certificate is specifically revoked. NIST Special Publications 800-56 and 800-57 provide guidance on cryptographic key establishment and cryptographic key management. Additional information on the use of validated cryptography is available at http://csrc.nist.gov/cryptval.
Control Enhancements: (0) None.
Baseline: LOW: SC-13; MOD: SC-13; HIGH: SC-13
Family: System And Communications Protection
ISO 17799 mapping: None.
COBIT 4.1 mapping: DS5.8
PCI-DSS v2 mapping: 3.6, 4.1.c