CM-3(6)—Configuration Change Control
PBMM (P2)
Secret (P2)
Operational
>Control Description
CONFIGURATION CHANGE CONTROL | CRYPTOGRAPHY MANAGEMENT The organization ensures that cryptographic mechanisms used to provide ⚙organization-defined security safeguards are under configuration management.
>Supplemental Guidance
Regardless of the cryptographic means employed (e.g., public key, private key, shared secrets), organizations ensure that there are processes and procedures in place to effectively manage those means. For example, if devices use certificates as a basis for identification and authentication, there needs to be a process in place to address the expiration of those certificates. Related control: SC-13.
>Tailoring Guidance
For classified systems using high grade cryptographic products, this control is addressed by mandatory CSE COMSEC policies and procedures.
Ask AI
Configure your API key to use AI features.