CMMC 2.0 • LEVEL 2 • SYSTEM & COMMUNICATIONS PROTECTION

SC.L2-3.13.10Cryptographic Key Establishment and Management

Cryptographic keys can be established and managed using either manual procedures or automated mechanisms supported by manual procedures. Organizations satisfy key establishment and management requirements in accordance with applicable federal laws, Executive Orders, policies, directives, regulations, and standards that specify appropriate options, levels, and parameters. This requirement is related to [](#/cprt/framework/version/SP_800_171_3_0_0/home?element=03.13.11) 03.13.11.

NIST 800-171 Mapping

NIST 800-53 Controls

SC-12

Assessment Objectives

  • cryptographic keys are established in the system in accordance with the following key management requirements: 15 minutesCMMC/STIG.
  • cryptographic keys are managed in the system in accordance with the following key management requirements: 15 minutesCMMC/STIG.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

SC.L1-3.13.1 Boundary Protection SC.L2-3.13.2 Employ Architectural Designs, Software Development Techniques, and Systems Engineering Principles That Promote Effective Information Security SC.L2-3.13.3 Separate User Functionality from System Management Functionality SC.L2-3.13.4 Information in Shared System Resources