>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SC-12Cryptographic Key Establishment And Management

PBMM (P3)
Secret (P3)
Technical

>Control Description

(A) The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with organization-defined requirements for key generation, distribution, storage, access, and destruction.

>Supplemental Guidance

Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable GC legislation and TBS policies, directives, and standards, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores.

This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems. The cryptography must be compliant with the requirements of control SC-13. Related controls: SC-13, SC-17

>Tailoring Guidance

This security control/enhancement is considered to be best practice. Consequently, inclusion in a departmental profile is strongly encouraged in most cases.

Ask AI

Configure your API key to use AI features.