SC-12(6)

  • Requirement

    Maintain physical control of cryptographic keys when stored information is encrypted by external service providers.

  • Discussion

    For organizations that use external service providers (e.g., cloud service or data center providers), physical control of cryptographic keys provides additional assurance that information stored by such external providers is not subject to unauthorized disclosure or modification.

More Info

  • Title

    Cryptographic Key Establishment and Management | Physical Control of Keys
  • Family

    System and Communications Protection
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!