Skip to main content

πŸ’Ό SC-12(3) Cryptographic Key Establishment and Management | Asymmetric Keys

Description​

Produce, control, and distribute asymmetric cryptographic keys using [Selection: NSA-approved key management technology and processes; prepositioned keying material; DoD-approved or DoD-issued Medium Assurance PKI certificates; DoD-approved or DoD-issued Medium Hardware Assurance PKI certificates and hardware security tokens that protect the user's private key; certificates issued in accordance with organization-defined requirements].

Similar​

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/02
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/03
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/07
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/08
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/10
    • /frameworks/aws-fsbp-v1.0.0/elasticache/05
    • /frameworks/aws-fsbp-v1.0.0/elb/01
    • /frameworks/aws-fsbp-v1.0.0/elb/02
    • /frameworks/aws-fsbp-v1.0.0/elb/03
    • /frameworks/aws-fsbp-v1.0.0/elb/08
    • /frameworks/aws-fsbp-v1.0.0/elb/17
    • /frameworks/aws-fsbp-v1.0.0/es/08
    • /frameworks/aws-fsbp-v1.0.0/opensearch/08
    • /frameworks/aws-fsbp-v1.0.0/s3/05
  • Internal
    • ID: dec-c-dc1b6604

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [APIGateway.2] API Gateway REST API stages should be configured to use SSL certificates for backend authentication"11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CloudFront.3] CloudFront distributions should require encryption in transit11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CloudFront.7] CloudFront distributions should use custom SSL/TLS certificates11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CloudFront.8] CloudFront distributions should use SNI to serve HTTPS requests11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CloudFront.10] CloudFront distributions should not use deprecated SSL protocols between edge locations and custom origins11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ElastiCache.5] ElastiCache replication groups should be encrypted in transit
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ELB.1] Application Load Balancer should be configured to redirect all HTTP requests to HTTPS
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ELB.2] Classic Load Balancers with SSL/HTTPS listeners should use a certificate provided by AWS Certificate Manager
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ELB.3] Classic Load Balancer listeners should be configured with HTTPS or TLS termination
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ELB.8] Classic Load Balancers with SSL listeners should use a predefined security policy that has strong AWS Configuration
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ELB.17] Application and Network Load Balancers with listeners should use recommended security policies
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ES.8] Connections to Elasticsearch domains should be encrypted using the latest TLS security policy
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Opensearch.8] Connections to OpenSearch domains should be encrypted using the latest TLS security policy
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [S3.5] S3 general purpose buckets should require requests to use SSL11

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (6)​

PolicyLogic CountFlags
πŸ“ AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication 🟒1🟒 x6
πŸ“ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic 🟒1🟒 x6
πŸ“ AWS CloudFront Web Distribution uses default SSL/TLS certificate 🟒1🟒 x6
πŸ“ AWS CloudFront Web Distribution uses Dedicated IP for SSL 🟒1🟒 x6
πŸ“ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins 🟒1🟒 x6
πŸ“ AWS S3 Bucket Policy is not set to deny HTTP requests 🟒1🟒 x6