STIGhub

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

CCI-002448

Definition

Distribute asymmetric cryptographic keys using: NSA-approved key management technology and processes; prepositioned keying material; DoD-approved or DoD-issued Medium Assurance PKI certificates; DoD-approved or DoD-issued Medium Hardware Assurance PKI certificates and hardware security tokens that protect the user's private key; or certificates issued in accordance with organization-defined requirements.

Parent Control

SC-12 (3): Cryptographic Key Establishment and Management (System and Communications Protection)

Linked STIG Checks (7)

  • V-214278 (CAT II): The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided. (Apache Server 2.4 UNIX Site Security Technical Implementation Guide)
  • V-214301 (CAT II): The Apache web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed. (Apache Server 2.4 UNIX Site Security Technical Implementation Guide)
  • V-214303 (CAT II): Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies. (Apache Server 2.4 UNIX Site Security Technical Implementation Guide)
  • V-237906 (CAT II): The IBM z/VM TCP/IP configuration must include an SSLSERVERID statement. (IBM zVM Using CA VM:Secure Security Technical Implementation Guide)
  • V-245542 (CAT I): Kubernetes API Server must disable basic authentication to protect information in transit. (Kubernetes Security Technical Implementation Guide)
  • V-245543 (CAT I): Kubernetes API Server must disable token authentication to protect information in transit. (Kubernetes Security Technical Implementation Guide)
  • V-245544 (CAT I): Kubernetes endpoints must use approved organizational certificate and key pair to protect information in transit. (Kubernetes Security Technical Implementation Guide)