NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-12(3) — Asymmetric Keys
Produce, control, and distribute asymmetric cryptographic keys using [organization-defined parameter: sc-12.03_odp].
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
[SP 800-56A](#20957dbb-6a1e-40a2-b38a-66f67d33ac2e), [SP 800-56B](#0d083d8a-5cc6-46f1-8d79-3081d42bcb75), and [SP 800-56C](#eef62b16-c796-4554-955c-505824135b8a) provide guidance on cryptographic key establishment schemes and key derivation methods. [SP 800-57-1](#110e26af-4765-49e1-8740-6750f83fcda1), [SP 800-57-2](#e7942589-e267-4a5a-a3d9-f39a7aae81f0), and [SP 800-57-3](#8306620b-1920-4d73-8b21-12008528595f) provide guidance on cryptographic key management.
Practitioner Notes
Asymmetric keys (public/private key pairs) are used for digital signatures, key exchange, and certificate-based authentication. They require their own management procedures.
Example 1: Generate RSA key pairs of at least 2048 bits (4096 preferred) using your PKI. Issue certificates that bind the public key to a verified identity. Configure certificate lifetimes — typically one to two years for user certificates and three to five years for CA certificates.
Example 2: Use your ADCS certificate authority to manage the full lifecycle of asymmetric keys — generation, issuance, renewal, revocation. Publish your certificate revocation list (CRL) and configure OCSP responders so systems can verify certificates in real time.
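Added example (not part of the original page, and not NIST or Microsoft tooling): a PowerShell check that audits a certificate against the key-size and lifetime thresholds in Example 1 and the revocation pointers Example 2 calls for. The function name Test-CertPolicy, its parameters and the in-memory test certificates are constructed for illustration; it assumes PowerShell 7, or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Thresholds are the ones stated in Example 1; function and parameter names are hypothetical.
function Test-CertPolicy {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Cert,
        [int] $MinRsaBits = 2048, [int] $MaxUserYears = 2, [int] $MaxCaYears = 5
    )
    $findings = @()

    # Key size: only RSA is checked, since the page states thresholds for RSA only.
    $rsa = [RSACertificateExtensions]::GetRSAPublicKey($Cert)
    if ($rsa -and $rsa.KeySize -lt $MinRsaBits) {
        $findings += "RSA key is $($rsa.KeySize) bits, below $MinRsaBits"
    }

    # Lifetime: CA certificates (basicConstraints CA=true) get the longer ceiling.
    $bc = $Cert.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
    $isCa = [bool]($bc -and $bc.CertificateAuthority)
    $maxYears = if ($isCa) { $MaxCaYears } else { $MaxUserYears }
    if ($Cert.NotAfter -gt $Cert.NotBefore.AddYears($maxYears)) {
        $findings += "lifetime exceeds $maxYears years"
    }

    # Revocation pointers: a self-signed root has no issuer to publish them, so skip it.
    if ($Cert.Subject -ne $Cert.Issuer) {
        if (-not $Cert.Extensions['2.5.29.31']) { $findings += 'no CRL distribution point' }
        if (-not $Cert.Extensions['1.3.6.1.5.5.7.1.1']) {
            $findings += 'no AIA extension (where OCSP responder URLs are published)'
        }
    }
    [pscustomobject]@{ Subject = $Cert.Subject; IsCA = $isCa; Findings = $findings }
}

# Constructed sample: an in-memory test CA issuing a deliberately weak user certificate.
$now = [DateTimeOffset]::UtcNow
$sha = [HashAlgorithmName]::SHA256; $pad = [RSASignaturePadding]::Pkcs1
$caReq = [CertificateRequest]::new('CN=Constructed Test CA', [RSA]::Create(4096), $sha, $pad)
$caReq.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
$ca = $caReq.CreateSelfSigned($now, $now.AddYears(4))
$leafReq = [CertificateRequest]::new('CN=constructed-user', [RSA]::Create(1024), $sha, $pad)
$leaf = $leafReq.Create($ca, $now, $now.AddYears(3), [byte[]](1, 2, 3, 4))

$ca, $leaf | ForEach-Object { Test-CertPolicy -Cert $_ } | Format-List
```

On a Windows host the same function can be fed real certificates, for example `Get-ChildItem Cert:\CurrentUser\My | ForEach-Object { Test-CertPolicy -Cert $_ }`.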