💼 SC-12 Cryptographic Key Establishment and Management (L)(M)(H)
- ID: /frameworks/fedramp-moderate-security-controls/sc/12
Description
Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [FedRAMP Assignment: In accordance with Federal requirements].
SC-12 Additional FedRAMP Requirements and Guidance:
Guidance: See references in NIST 800-53 documentation.
Guidance: Must meet applicable Federal Cryptographic Requirements. See References Section of control.
Guidance: Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system.
- Similar Sections: /frameworks/fedramp-high-security-controls/sc/12
- Internal ID: dec-c-c577f67c
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 SC-12 Cryptographic Key Establishment and Management (L)(M)(H) | 1 | 9 | 11 | | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
Policies (11)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS IAM User Access Keys are not rotated every 90 days or less 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS IAM User has more than one active access key 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS IAM User with console and programmatic access set during the initial creation 🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ AWS KMS Symmetric CMK Rotation is not enabled 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Key Vault Soft Delete and Purge Protection functions are not enabled 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Non-RBAC Key Vault stores Keys without expiration date 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Non-RBAC Key Vault stores Secrets without expiration date 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure RBAC Key Vault stores Keys without expiration date 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure RBAC Key Vault stores Secrets without expiration date 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key 🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account With Critical Data is not encrypted with customer managed key 🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
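The three AWS IAM access-key policies in the table above (keys older than 90 days, more than one active key, and console plus programmatic access granted at user creation) can all be evaluated offline from one artifact, the IAM credential report. The script below is an added example written for this page; it is not the policy logic of the product this page comes from, and the CSV it reads is constructed to match the column names of `aws iam get-credential-report` output (a real report carries more columns, which `csv.DictReader` simply ignores). The "set at creation" check is an approximation borrowed from CIS-style benchmarks: a user whose first access key was last rotated at the same instant the user was created, and who also has a console password, is flagged. Timestamps, user names and the fixed clock `NOW` are assumptions for reproducibility.

```python
"""Evaluate an IAM credential report against the SC-12-mapped access-key policies.

Added example for this page, not the vendor's own rule logic. Input is the CSV
produced by `aws iam get-credential-report` (after base64 decoding); the sample
below is constructed and contains only the columns the checks read.
"""
import csv
import io
from datetime import datetime, timezone

ROTATION_MAX_DAYS = 90  # the "every 90 days or less" threshold named by the policy
# Fixed clock so that key ages are deterministic (assumption for the example).
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)

# Constructed sample in the shape of a credential report (subset of columns).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2023-01-10T09:00:00+00:00,true,true,2024-11-01T00:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2022-06-01T12:00:00+00:00,false,true,2022-06-01T12:00:00+00:00,true,2023-03-15T08:30:00+00:00
carol,arn:aws:iam::123456789012:user/carol,2024-12-01T14:05:00+00:00,true,true,2024-12-01T14:05:00+00:00,false,N/A
"""


def parse_ts(value):
    """Credential-report timestamps are ISO 8601; the placeholders mean 'no value'."""
    if value in ("", "N/A", "not_supported", "no_information"):
        return None
    return datetime.fromisoformat(value)


def key_age_days(last_rotated, now=NOW):
    """Whole days since the key was last rotated, or None if the field is empty."""
    ts = parse_ts(last_rotated)
    return None if ts is None else (now - ts).days


def evaluate(report_csv, now=NOW, max_age=ROTATION_MAX_DAYS):
    """Return {user: sorted list of policy names the user violates}.

    Users with no findings are omitted; the root account is skipped because
    root access keys fall under a different control than IAM user keys.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            continue
        hits = set()
        active = []
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            active.append(n)
            age = key_age_days(row[f"access_key_{n}_last_rotated"], now)
            # A missing rotation timestamp on an active key is treated as stale.
            if age is None or age > max_age:
                hits.add("stale_access_key")
        if len(active) > 1:
            hits.add("multiple_active_keys")
        # Approximation: key 1 issued at the same instant the user was created
        # (60 s tolerance, since real reports can differ by a few seconds)
        # plus a console password == console and programmatic access at creation.
        created = parse_ts(row["user_creation_time"])
        first_key = parse_ts(row["access_key_1_last_rotated"])
        if (row["password_enabled"] == "true" and "1" in active
                and created is not None and first_key is not None
                and abs((first_key - created).total_seconds()) <= 60):
            hits.add("access_key_set_at_creation")
        if hits:
            findings[user] = sorted(hits)
    return findings


if __name__ == "__main__":
    for user, hits in evaluate(SAMPLE_REPORT).items():
        print(f"{user}: {', '.join(hits)}")
```

Run against a real account by replacing `SAMPLE_REPORT` with the decoded `Content` field of `get-credential-report` and dropping the fixed `NOW`; the checks themselves need no API calls beyond fetching the report, which is why this is a convenient place to implement the 90-day rule consistently across accounts.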