SC-13

  • Requirement

    a. Determine the [Assignment: organization-defined cryptographic uses]; and
    b. Implement the following types of cryptography required for each specified cryptographic use: [Assignment: organization-defined types of cryptography for each specified cryptographic use].

  • Discussion

    Cryptography can be employed to support a variety of security solutions, including the protection of classified information and controlled unclassified information, the provision and implementation of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances but lack the necessary formal access approvals. Cryptography can also be used to support random number and hash generation. Generally applicable cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. For example, organizations that need to protect classified information may specify the use of NSA-approved cryptography. Organizations that need to provision and implement digital signatures may specify the use of FIPS-validated cryptography. Cryptography is implemented in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.

More Info

  • Title

    Cryptographic Protection
  • Family

    System and Communications Protection
  • Related NIST 800-53 ID

    AC-2;AC-3;AC-7;AC-17;AC-18;AC-19;AU-9;AU-10;CM-11;CP-9;IA-3;IA-5;IA-7;MA-4;MP-2;MP-4;MP-5;SA-4;SA-8;SA-9;SC-8;SC-12;SC-20;SC-23;SC-28;SC-40;SI-3;SI-7

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!