UCF STIG Viewer Logo

SC-13 CRYPTOGRAPHIC PROTECTION


Overview

Number Title Impact Priority Subject Area
SC-13 Cryptographic Protection LOW P1 System And Communications Protection

Instructions
The information system implements Assignment: organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
Guidance
Cryptography can be employed to support a variety of security solutions including, for example, the protection of classified and Controlled Unclassified Information, the provision of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances for such information but lack the necessary formal access approvals. Cryptography can also be used to support random number generation and hash generation. Generally applicable cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. This control does not impose any requirements on organizations to use cryptography. However, if cryptography is required based on the selection of other security controls, organizations define each type of cryptographic use and the type of cryptography required (e.g., protection of classified information: NSA-approved cryptography; provision of digital signatures: FIPS-validated cryptography).

Enhancements
SC-13 (1) Fips-Validated Cryptography

Withdrawn: Incorporated into SC-13.

SC-13 (2) Nsa-Approved Cryptography

Withdrawn: Incorporated into SC-13.

SC-13 (3) Individuals Without Formal Access Approvals

Withdrawn: Incorporated into SC-13.

SC-13 (4) Digital Signatures

Withdrawn: Incorporated into SC-13.