SC-13 Cryptographic Protection
a. Determine the sc-13_odp.01; and
b. Implement the following types of cryptography required for each specified cryptographic use: sc-13_odp.02.
Parameter ID | Definition |
---|---|
sc-13_odp.01 | cryptographic uses |
sc-13_odp.02 | types of cryptography |
Baselines
- L
- M
- H
- P
Guidance
Cryptography can be employed to support a variety of security solutions, including the protection of classified information and controlled unclassified information, the provision and implementation of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances but lack the necessary formal access approvals. Cryptography can also be used to support random number and hash generation. Generally applicable cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. For example, organizations that need to protect classified information may specify the use of NSA-approved cryptography. Organizations that need to provision and implement digital signatures may specify the use of FIPS-validated cryptography. Cryptography is implemented in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.
References 1
- FIPS 140-3 National Institute of Standards and Technology (2019) Security Requirements for Cryptographic Modules. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 140-3.
Control Enhancements 4
- SC-13(01) FIPS-validated Cryptography
- SC-13(02) NSA-approved Cryptography
- SC-13(03) Individuals Without Formal Access Approvals
- SC-13(04) Digital Signatures
Related controls 29
- AC-02 Account Management L M H P
- AC-03 Access Enforcement L M H P
- AC-07 Unsuccessful Logon Attempts L M H P
- AC-17 Remote Access L M H P
- AC-18 Wireless Access L M H P
- AC-19 Access Control for Mobile Devices L M H P
- AU-09 Protection of Audit Information L M H P
- AU-10 Non-repudiation L M H P
- CM-11 User-installed Software L M H P
- CP-09 System Backup L M H P
- IA-03 Device Identification and Authentication L M H P
- IA-05 Authenticator Management L M H P
- IA-07 Cryptographic Module Authentication L M H P
- IA-13 Identity Providers and Authorization Servers L M H P
- MA-04 Nonlocal Maintenance L M H P
- MP-02 Media Access L M H P
- MP-04 Media Storage L M H P
- MP-05 Media Transport L M H P
- SA-04 Acquisition Process L M H P
- SA-08 Security and Privacy Engineering Principles L M H P
- SA-09 External System Services L M H P
- SC-08 Transmission Confidentiality and Integrity L M H P
- SC-12 Cryptographic Key Establishment and Management L M H P
- SC-20 Secure Name/Address Resolution Service (Authoritative Source) L M H P
- SC-23 Session Authenticity L M H P
- SC-28 Protection of Information at Rest L M H P
- SC-40 Wireless Link Protection L M H P
- SI-03 Malicious Code Protection L M H P
- SI-07 Software, Firmware, and Information Integrity L M H P