SC-12 Cryptographic Key Establishment and Management

Description

Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures.

Organizations define key management requirements in accordance with applicable federal laws, executive orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters.

Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems.

Applicability

The owner of an information resource, or designee, is responsible for implementing this Control.

Implementation

The information resource owner, or designee, shall:

  1. Establish and manage cryptographic keys for required cryptography employed within the information system. When cryptography is required and employed within the information system, TAMU-CC; and
  2. Establish and manage cryptographic keys using automated mechanisms with supporting procedures or manual procedures.

Revision History

Last Updated: February 21, 2025

Previous Versions:

  • June 29, 2023
  • May 31, 2022
  • March 25, 2021
  • September 16, 2019