πΌ SC-12 Cryptographic Key Establishment and Management (L)(M)(H)
- Contextual name: πΌ SC-12 Cryptographic Key Establishment and Management (L)(M)(H)
- ID:
/frameworks/fedramp-high-security-controls/sc/12 - Located in: πΌ System and Communications Protection
Descriptionβ
Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [FedRAMP Assignment: In accordance with Federal requirements].
SC-12 Additional FedRAMP Requirements and Guidance:
Guidance: See references in NIST 800-53 documentation.
Guidance: Must meet applicable Federal Cryptographic Requirements. See References Section of control.
Guidance: Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system.
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/sc/12
- Internal
- ID:
dec-c-c577f67c
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-12 Cryptographic Key Establishment and Management | 6 | 1 | 3 |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP Low Security Controls β πΌ SC-12 Cryptographic Key Establishment and Management (L)(M)(H) | 11 | |||
| πΌ FedRAMP Moderate Security Controls β πΌ SC-12 Cryptographic Key Establishment and Management (L)(M)(H) | 11 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ SC-12(1) Availability (H) |
Policies (11)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS IAM User Access Keys are not rotated every 90 days or less π’ | 1 | π’ x6 |
| π AWS IAM User has more than one active access key π’ | 1 | π’ x6 |
| π AWS IAM User with console and programmatic access set during the initial creation π’ | π’ x3 | |
| π AWS KMS Symmetric CMK Rotation is not enabled π’ | 1 | π’ x6 |
| π Azure Key Vault Soft Delete and Purge Protection functions are not enabled π’ | 1 | π’ x6 |
| π Azure Non-RBAC Key Vault stores Keys without expiration date π’ | 1 | π’ x6 |
| π Azure Non-RBAC Key Vault stores Secrets without expiration date π’ | 1 | π’ x6 |
| π Azure RBAC Key Vault stores Keys without expiration date π’ | 1 | π’ x6 |
| π Azure RBAC Key Vault stores Secrets without expiration date π’ | 1 | π’ x6 |
| π Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key π’ | 1 | π’ x6 |
| π Azure Storage Account With Critical Data is not encrypted with customer managed key π’ | π’ x3 |
Internal Rulesβ
| Rule | Policies | Flags |
|---|---|---|
| βοΈ dec-x-0be4dfe5 | 1 | |
| βοΈ dec-x-0feec790 | 2 | |
| βοΈ dec-x-4d6fee7a | 1 | |
| βοΈ dec-x-82ca4127 | 2 | |
| βοΈ dec-x-230b5e35 | 1 | |
| βοΈ dec-x-30795016 | 1 | |
| βοΈ dec-x-aef11ebd | 1 | |
| βοΈ dec-x-b10e98af | 1 | |
| βοΈ dec-x-bcb0c78f | 1 |