SC-12: Cryptographic Key Establishment and Management
From NIST's SP800-53:
Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1552.002 | Credentials in Registry | Credential Access |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1072 | Software Deployment Tools | Execution, Lateral Movement |
| T1552 | Unsecured Credentials | Credential Access |
| T1563.001 | SSH Hijacking | Lateral Movement |
| T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
| T1573.001 | Symmetric Cryptography | Command and Control |
| T1573 | Encrypted Channel | Command and Control |
| T1552.001 | Credentials In Files | Credential Access |
| T1552.004 | Private Keys | Credential Access |