SC-12 Cryptographic Key Establishment And Management

Control: When cryptography is required and employed within the information system, the organization establishes and manages cryptographic keys using automated mechanisms with supporting procedures or manual procedures.

Supplemental Guidance: NIST Special Publication 800-56 provides guidance on cryptographic key establishment. NIST Special Publication 800-57 provides guidance on cryptographic key management.

Control Enhancements: (0) None.

Baseline: LOW Not Selected MOD SC-12 HIGH SC-12

Family: System And Communications Protection

Class: Technical

ISO 17799 mapping: 12.3.1, 12.3.2

COBIT 4.1 mapping: DS5.8

PCI-DSS v2 mapping: 3.5, 3.6, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8