STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

SC-12

System and Communications ProtectionRev 5organization

Cryptographic Key Establishment and Management

Baselines:LowModerateHigh

Control Statement

Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [Assignment: requirements].

Supplemental Guidance

Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and specify appropriate options, parameters, and levels. Organizations manage trust stores to ensure that only approved trust anchors are part of such trust stores. This includes certificates with visibility external to organizational systems and certificates related to the internal operations of systems. [NIST CMVP](#1acdc775-aafb-4d11-9341-dc6a822e9d38) and [NIST CAVP](#84dc1b0c-acb7-4269-84c4-00dbabacd78c) provide additional information on validated cryptographic modules and algorithms that can be used in cryptographic key management and establishment.

Related Controls (19)

AC-17AU-9AU-10CM-3IA-3IA-7IA-13SA-4SA-8SA-9SC-8SC-11SC-13SC-17SC-20SC-37SC-40SI-3SI-7

CCI Identifiers (17)

CCI-002428Defines the requirements for cryptographic key generation to be employed within the system.CCI-002429Defines the requirements for cryptographic key distribution to be employed within the system.CCI-002430Defines the requirements for cryptographic key storage to be employed within the system.CCI-002431Defines the requirements for cryptographic key access to be employed within the system.CCI-002432Defines the requirements for cryptographic key destruction to be employed within the system.CCI-002433Establish cryptographic keys when cryptography is employed within the system in accordance with organization-defined requirements for key generation.CCI-002434Establish cryptographic keys when cryptography employed within the system in accordance with organization-defined requirements for key distribution.CCI-001137The organization establishes cryptographic keys for required cryptography employed within the information system.

Linked STIG Checks (2)

Across 2 STIGs. Click to expand.

CCI-001138The organization manages cryptographic keys for required cryptography employed within the information system.
CCI-002435Establish cryptographic keys when cryptography employed within the system in accordance with organization-defined requirements for key storage.
CCI-002436Establish cryptographic keys when cryptography employed within the system in accordance with organization-defined requirements for key access.
CCI-002437Establish cryptographic keys when cryptography employed within the system in accordance with organization-defined requirements for key destruction.
CCI-002438Manage cryptographic keys when cryptography employed within the system in accordance with organization-defined requirements for key generation.
CCI-002439Manage cryptographic keys when cryptography employed within the system in accordance with organization-defined requirements for key distribution.
CCI-002440Manage cryptographic keys when cryptography employed within the system in accordance with organization-defined requirements for key storage.
CCI-002441Manage cryptographic keys when cryptography employed within the system in accordance with organization-defined requirements for key access.
CCI-002442Manage cryptographic keys when cryptography employed within the system in accordance with organization-defined requirements for key destruction.