SC-28(3)—Cryptographic Keys
>Control Description
Provide protected storage for cryptographic keys [Selection (one): [Assignment: organization-defined safeguards]; hardware-protected key store].
>Supplemental Guidance
A Trusted Platform Module (TPM) is an example of a hardware-protected data store that can be used to protect cryptographic keys.