Device Class 1: Cryptographic Protection

Control ID: SC-13 Cryptographic Protection
Family: System and Communications Protection
Source: NIST 800-53r4
Control: The information system implements [Assignment: organization-defined cryptographic uses and type of cryptography required for each use] in accordance with applicable state and federal laws, Executive Orders, directives, policies, regulations, and standards.
Supplemental Guidance:
Cryptography can be employed to support a variety of security solutions including, for example, the protection of classified and Controlled Unclassified Information, the provision of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances for such information but lack the necessary formal access approvals. Cryptography can also be used to support random number generation and hash generation. Generally applicable cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. This control does not impose any requirements on organizations to use cryptography. However, if cryptography is required based on the selection of other security controls, organizations define each type of cryptographic use and the type of cryptography required (e.g., protection of classified information: NSA-approved cryptography; provision of digital signatures: FIPS-validated cryptography).

Related Controls: AC-2, AC-3, AC-7, AC-17, AC-18, AU-9, AU-10, CM-11, CP-9, IA-7, MA-4, MP-2, MP-4, MP-5, SA-4, SC-8, SC-12, SC-28, SI-7, IA-3
Control Enhancements: N/A
References: N/A
Mechanisms:

  • Devices shall support the cryptographic algorithms specified in IEEE 1609.2.
  • Devices may support additional cryptographic algorithms.
  • Devices shall provide a FIPS 140-2 compliant random number generator, i.e., compliant to NIST SP 800-90Ar1 (NOTE: the Dual EC DRBG, which is supported by SP 800-90A but not by SP 800-90Ar1, shall not be supported).

Protocol Implementation Conformance Statements:
| ID | Statement | Status | Reference | Notes |
|---|---|---|---|---|
| SC-13/1 | Supports cryptographic algorithms defined in IEEE 1609.2 | SC-13/1:M | IEEE 1609.2;? | |
| SC-13/2 | Supports additional cryptographic algorithms | SC-13/2:O | | Define algorithms supported |
| SC-13/3 | Provides a FIPS 140-2 compliant random number generator | SC-13/3:M | FIPS 140-2 | |