National Vulnerability Database

NIST Special Publication 800-53 (Rev. 4)

Security Controls and Assessment Procedures for Federal Information Systems and Organizations

SC-13 CRYPTOGRAPHIC PROTECTION

Family: SC - SYSTEM AND COMMUNICATIONS PROTECTION
Class:
Priority: P1 - Implement P1 security controls first.
Baseline Allocation: Low: SC-13; Moderate: SC-13; High: SC-13

Control Description

The information system implements [Assignment: organization-defined cryptographic uses and type of cryptography required for each use] in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Supplemental Guidance

Cryptography can be employed to support a variety of security solutions including, for example, the protection of classified and Controlled Unclassified Information, the provision of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances for such information but lack the necessary formal access approvals. Cryptography can also be used to support random number generation and hash generation. Generally applicable cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. This control does not impose any requirements on organizations to use cryptography. However, if cryptography is required based on the selection of other security controls, organizations define each type of cryptographic use and the type of cryptography required (e.g., protection of classified information: NSA-approved cryptography; provision of digital signatures: FIPS-validated cryptography).

Related to: AC-2, AC-3, AC-7, AC-17, AC-18, AU-9, AU-10, CM-11, CP-9, IA-3, IA-7, MA-4, MP-2, MP-4, MP-5, SA-4, SC-8, SC-12, SC-28, SI-7

Control Enhancements

SC-13(1) CRYPTOGRAPHIC PROTECTION | FIPS-VALIDATED CRYPTOGRAPHY
[Withdrawn: Incorporated into SC-13].
SC-13(2) CRYPTOGRAPHIC PROTECTION | NSA-APPROVED CRYPTOGRAPHY
[Withdrawn: Incorporated into SC-13].
SC-13(3) CRYPTOGRAPHIC PROTECTION | INDIVIDUALS WITHOUT FORMAL ACCESS APPROVALS
[Withdrawn: Incorporated into SC-13].
SC-13(4) CRYPTOGRAPHIC PROTECTION | DIGITAL SIGNATURES
[Withdrawn: Incorporated into SC-13].

References

FIPS Publication 140 http://csrc.nist.gov/publications/PubsFIPS.html
http://csrc.nist.gov/cryptval
http://www.cnss.gov