| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
SC-12(2) |
FedRAMP_High_R4_SC-12(2) |
FedRAMP High SC-12 (2) |
System And Communications Protection |
Symmetric Keys |
Shared |
n/a |
The organization produces, controls, and distributes symmetric cryptographic keys using [Selection: NIST FIPS-compliant; NSA-approved] key management technology and processes. |
link |
1 |
| FedRAMP_Moderate_R4 |
SC-12(2) |
FedRAMP_Moderate_R4_SC-12(2) |
FedRAMP Moderate SC-12 (2) |
System And Communications Protection |
Symmetric Keys |
Shared |
n/a |
The organization produces, controls, and distributes symmetric cryptographic keys using [Selection: NIST FIPS-compliant; NSA-approved] key management technology and processes. |
link |
1 |
| hipaa |
0904.10f2Organizational.1-10.f |
hipaa-0904.10f2Organizational.1-10.f |
0904.10f2Organizational.1-10.f |
09 Transmission Protection |
0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls |
Shared |
n/a |
Key management is implemented based on specific roles and responsibilities, and in consideration of national and international regulations, restrictions, and issues. |
|
10 |
| hipaa |
1005.01d1System.1011-01.d |
hipaa-1005.01d1System.1011-01.d |
1005.01d1System.1011-01.d |
10 Password Management |
1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems |
Shared |
n/a |
The organization transmits passwords only when cryptographically-protected and stores passwords using an approved hash algorithm. |
|
6 |
| NIST_SP_800-53_R4 |
SC-12(2) |
NIST_SP_800-53_R4_SC-12(2) |
NIST SP 800-53 Rev. 4 SC-12 (2) |
System And Communications Protection |
Symmetric Keys |
Shared |
n/a |
The organization produces, controls, and distributes symmetric cryptographic keys using [Selection: NIST FIPS-compliant; NSA-approved] key management technology and processes. |
link |
1 |
| NIST_SP_800-53_R5 |
SC-12(2) |
NIST_SP_800-53_R5_SC-12(2) |
NIST SP 800-53 Rev. 5 SC-12 (2) |
System and Communications Protection |
Symmetric Keys |
Shared |
n/a |
Produce, control, and distribute symmetric cryptographic keys using [Selection: NIST FIPS-validated;NSA-approved] key management technology and processes. |
link |
1 |
| PCI_DSS_v4.0 |
3.6.1.2 |
PCI_DSS_v4.0_3.6.1.2 |
PCI DSS v4.0 3.6.1.2 |
Requirement 03: Protect Stored Account Data |
Cryptographic keys used to protect stored account data are secured |
Shared |
n/a |
Secret and private keys used to encrypt/decrypt stored account data are stored in one (or more) of the following forms at all times:
• Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the dataencrypting key.
• Within a secure cryptographic device (SCD), such as a hardware security module (HSM) or PTS-approved point-of-interaction device.
• As at least two full-length key components or key shares, in accordance with an industry-accepted method. |
link |
8 |
| PCI_DSS_v4.0 |
3.7.2 |
PCI_DSS_v4.0_3.7.2 |
PCI DSS v4.0 3.7.2 |
Requirement 03: Protect Stored Account Data |
Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented |
Shared |
n/a |
Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to Protect Stored Account Data. |
link |
8 |
| PCI_DSS_v4.0 |
3.7.3 |
PCI_DSS_v4.0_3.7.3 |
PCI DSS v4.0 3.7.3 |
Requirement 03: Protect Stored Account Data |
Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented |
Shared |
n/a |
Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to Protect Stored Account Data. |
link |
9 |
| PCI_DSS_v4.0 |
4.2.1 |
PCI_DSS_v4.0_4.2.1 |
PCI DSS v4.0 4.2.1 |
Requirement 04: Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks |
PAN is protected with strong cryptography during transmission |
Shared |
n/a |
Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks:
• Only trusted keys and certificates are accepted.
• Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. This bullet is a best practice until its effective date; refer to applicability notes below for details.
• The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations.
• The encryption strength is appropriate for the encryption methodology in use. |
link |
12 |
| SWIFT_CSCF_v2022 |
2.1 |
SWIFT_CSCF_v2022_2.1 |
SWIFT CSCF v2022 2.1 |
2. Reduce Attack Surface and Vulnerabilities |
Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. |
Shared |
n/a |
Confidentiality, integrity, and authentication mechanisms are implemented to protect SWIFT-related component-to-component or system-to-system data flows. |
link |
36 |