compliance controls are associated with this Policy definition 'Certificates using RSA cryptography should have the specified minimum key size' (cee51871-e572-4576-855c-047c820360f0)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| CMMC_2.0_L2 | SC.L2-3.13.10 | CMMC_2.0_L2_SC.L2-3.13.10 | 404 not found | | | | n/a | n/a | | 37 |
| CMMC_2.0_L2 | SC.L2-3.13.11 | CMMC_2.0_L2_SC.L2-3.13.11 | 404 not found | | | | n/a | n/a | | 4 |
| CMMC_L3 | SC.3.177 | CMMC_L3_SC.3.177 | CMMC L3 SC.3.177 | System and Communications Protection | Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. | Shared | Microsoft and the customer share responsibilities for implementing this requirement. | Cryptography can be employed to support many security solutions including the protection of controlled unclassified information, the provision of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances for such information but lack the necessary formal access approvals. Cryptography can also be used to support random number generation and hash generation. Cryptographic standards include FIPS-validated cryptography and/or NSA-approved cryptography. | link | 25 |
| CMMC_L3 | SC.3.190 | CMMC_L3_SC.3.190 | CMMC L3 SC.3.190 | System and Communications Protection | Protect the authenticity of communications sessions. | Shared | Microsoft and the customer share responsibilities for implementing this requirement. | Authenticity protection includes protecting against man-in-the-middle attacks, session hijacking, and the insertion of false information into communications sessions. This requirement addresses communications protection at the session versus packet level (e.g., sessions in service-oriented architectures providing web-based services) and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. | link | 8 |
| K_ISMS_P_2018 | 2.10.1 | K_ISMS_P_2018_2.10.1 | K ISMS P 2018 2.10.1 | 2.10 | Establish Procedures for Managing the Security of System Operations | Shared | n/a | Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. | | 408 |
| K_ISMS_P_2018 | 2.10.2 | K_ISMS_P_2018_2.10.2 | K ISMS P 2018 2.10.2 | 2.10 | Establish Protective Measures for Administrator Privileges and Security Configurations | Shared | n/a | Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. | | 385 |
| New_Zealand_ISM | 17.2.24.C.01 | New_Zealand_ISM_17.2.24.C.01 | New_Zealand_ISM_17.2.24.C.01 | 17. Cryptography | 17.2.24.C.01 Using RSA | | n/a | Agencies using RSA, for the approved use of digital signatures and passing encryption session keys or similar keys, MUST use a modulus of at least 3072 bits. | | 1 |
| NZ_ISM_v3.5 | CR-5 | NZ_ISM_v3.5_CR-5 | NZISM Security Benchmark CR-5 | Cryptography | 17.2.24 Using RSA | Customer | n/a | A modulus of at least 3072 bits for RSA is considered good practice by the cryptographic community. | link | 1 |
| RBI_ITF_NBFC_v2017 | 3.8 | RBI_ITF_NBFC_v2017_3.8 | RBI IT Framework 3.8 | Information and Cyber Security | Digital Signatures-3.8 | | n/a | A Digital Signature Certificate authenticates entity's identity electronically. It also provides a high level of security for online transactions by ensuring absolute privacy of the information exchanged using a Digital Signature Certificate. NBFCs may consider use of Digital signatures to protect the authenticity and integrity of important electronic documents and also for high value fund transfer. | link | 7 |