NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-16(3)Cryptographic Binding

Implement {{ insert: param, sc-16.03_odp }} to bind security and privacy attributes to transmitted information.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Cryptographic mechanisms and techniques can provide strong security and privacy attribute binding to transmitted information to help ensure the integrity of such information.

Practitioner Notes

Bind security attributes to data using cryptographic mechanisms so the attributes cannot be separated from the data or independently modified.

Example 1: Use Azure Information Protection (AIP) to apply encrypted labels that are cryptographically bound to the document content. The label and its protections cannot be removed without the appropriate decryption key, even if the file is copied to another system.

Example 2: Implement HMAC-based integrity checks on data export files that include both the data and its classification metadata. The receiving system verifies the HMAC before processing, ensuring the classification has not been altered.

More System and Communications Protection Controls

SC-1 Policy and Procedures SC-2 Separation of System and User Functionality SC-2(1) Interfaces for Non-privileged Users SC-2(2) Disassociability