CM-3(6)

  • Requirement

    Ensure that cryptographic mechanisms used to provide the following controls are under configuration management: [Assignment: organization-defined controls].

  • Discussion

    The controls referenced in the control enhancement refer to security and privacy controls from the control catalog. Regardless of the cryptographic mechanisms employed, processes and procedures are in place to manage those mechanisms. For example, if system components use certificates for identification and authentication, a process is implemented to address the expiration of those certificates.

More Info

  • Title

    Configuration Change Control | Cryptography Management
  • Family

    Configuration Management
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID

    SC-12

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!