NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-12(4) PKI Certificates

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

PKI certificates must be issued by a trusted certificate authority and managed throughout their lifecycle — from issuance to revocation.

Example 1: Deploy an internal PKI using Active Directory Certificate Services. Create certificate templates for different use cases — user authentication, server TLS, code signing. Use GPO to auto-enroll domain computers and users for their appropriate certificates.

Example 2: For public-facing TLS certificates, use a trusted commercial CA (DigiCert, Let's Encrypt) and automate renewal with the ACME protocol. Monitor certificate expiration dates with a tool like Keyfactor or a simple script that alerts 30 days before any certificate expires.
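As an added example (not part of the original notes or any vendor's code), the expiry-alert script from Example 2 written in Python with only the standard library: it works on certificates in the dict shape that `ssl.getpeercert()` returns, flags anything expired or within 30 days of `notAfter`, and includes an assumed helper `fetch_peer_cert` for pulling live certificates; the inventory and the fixed "now" are constructed sample data.

```python
import socket
import ssl
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

ALERT_DAYS = 30  # alert threshold from the practitioner note

def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Fetch host:port's validated leaf certificate in ssl.getpeercert() dict form (live use only)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def days_until_expiry(cert: dict, now: Optional[datetime] = None) -> int:
    """Whole days from `now` to notAfter; negative means the certificate has already expired."""
    now = now or datetime.now(timezone.utc)
    # getpeercert() renders notAfter as e.g. 'Jun  1 12:00:00 2025 GMT'; cert_time_to_seconds parses it
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (not_after - now).days

def subject_cn(cert: dict) -> str:
    """Pull commonName out of getpeercert()'s nested-tuple subject, for readable reports."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return "<no CN>"

def check_inventory(certs: Dict[str, dict], alert_days: int = ALERT_DAYS, now: Optional[datetime] = None) -> List[Tuple[str, str, int]]:
    """Return (common name, status, days_left) for expired or soon-expiring certs, soonest first."""
    findings = []
    for cert in certs.values():
        days = days_until_expiry(cert, now)
        if days < 0:
            findings.append((subject_cn(cert), "EXPIRED", days))
        elif days <= alert_days:
            findings.append((subject_cn(cert), "EXPIRING", days))
    return sorted(findings, key=lambda f: f[2])

# Constructed sample inventory in getpeercert() shape, evaluated at a fixed "now" for reproducibility
SAMPLE_NOW = datetime(2025, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_INVENTORY = {
    "web": {"subject": ((("commonName", "www.example.com"),),), "notAfter": "Jun 20 12:00:00 2025 GMT"},
    "api": {"subject": ((("commonName", "api.example.com"),),), "notAfter": "May 30 12:00:00 2025 GMT"},
    "mail": {"subject": ((("commonName", "mail.example.com"),),), "notAfter": "Dec 31 23:59:59 2025 GMT"},
}

if __name__ == "__main__":
    for cn, status, days in check_inventory(SAMPLE_INVENTORY, now=SAMPLE_NOW):
        print(f"{status:8} {cn:25} {days:>4} days")
```

For live monitoring, replace the sample inventory with `{name: fetch_peer_cert(host) for name, host in targets.items()}` and run it from a scheduler; an already-expired certificate is reported as EXPIRED rather than silently skipped.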