NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-12(3) Asymmetric Keys

Produce, control, and distribute asymmetric cryptographic keys using an organization-defined parameter.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

SP 800-56A, SP 800-56B, and SP 800-56C provide guidance on cryptographic key establishment schemes and key derivation methods. SP 800-57-1, SP 800-57-2, and SP 800-57-3 provide guidance on cryptographic key management.

Practitioner Notes

Asymmetric keys (public/private key pairs) are used for digital signatures, key exchange, and certificate-based authentication. They require their own management procedures.

Example 1: Generate RSA key pairs of at least 2048 bits (4096 preferred) using your PKI. Issue certificates that bind the public key to a verified identity. Configure certificate lifetimes — typically one to two years for user certificates and three to five years for CA certificates.

Example 2: Use your ADCS certificate authority to manage the full lifecycle of asymmetric keys — generation, issuance, renewal, revocation. Publish your certificate revocation list (CRL) and configure OCSP responders so systems can verify certificates in real time.
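One way to spot-check issued certificates against the figures in Examples 1 and 2 is shown below. This is an added example, not part of the control text or of any ADCS tooling. The function name `Test-CertificatePolicy` and its parameter names are hypothetical, and the thresholds are assumptions taken from the notes above.

```powershell
# Added example: audit certificates against the key size, lifetime and
# revocation-publication figures in the practitioner notes.
# Function and parameter names are hypothetical; thresholds are assumptions.
function Test-CertificatePolicy {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$MinRsaBits   = 2048,  # Example 1 minimum
        [int]$MaxUserYears = 2,     # upper end of "one to two years"
        [int]$MaxCaYears   = 5      # upper end of "three to five years"
    )
    process {
        $findings = @()

        # RSA public key size; GetRSAPublicKey returns $null for non-RSA keys (e.g. ECDSA).
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
        if ($rsa -and $rsa.KeySize -lt $MinRsaBits) {
            $findings += "RSA key is $($rsa.KeySize) bits, below $MinRsaBits"
        }

        # CA or end-entity, read from the Basic Constraints extension.
        $bc = $Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
        $isCa = [bool]($bc -and $bc.CertificateAuthority)

        # Validity period against the limit for this certificate type.
        $maxYears = if ($isCa) { $MaxCaYears } else { $MaxUserYears }
        if ($Certificate.NotAfter -gt $Certificate.NotBefore.AddYears($maxYears)) {
            $findings += "Validity exceeds $maxYears years"
        }

        # Revocation pointers: CRL Distribution Points (2.5.29.31) or
        # Authority Information Access (1.3.6.1.5.5.7.1.1, which may carry an OCSP URL).
        # Only presence is checked. Self-signed roots are skipped.
        $oids = @($Certificate.Extensions | ForEach-Object { $_.Oid.Value })
        if ($Certificate.Subject -ne $Certificate.Issuer -and
            $oids -notcontains '2.5.29.31' -and $oids -notcontains '1.3.6.1.5.5.7.1.1') {
            $findings += 'No CRL distribution point or AIA extension'
        }

        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            IsCA       = $isCa
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# Report non-compliant certificates in the local machine's personal store.
Get-ChildItem Cert:\LocalMachine\My | Test-CertificatePolicy | Where-Object { -not $_.Compliant }
```

The check confirms only that a revocation pointer is present in the certificate. Whether the CRL is current and the OCSP responder answers still has to be verified separately.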