Back

Implement the documented cryptographic module security functions.


CONTROL ID
06755
CONTROL TYPE
Data and Information Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Define the cryptographic module security functions and the cryptographic module operational modes., CC ID: 06542

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • All cryptographic procedures used (e.g. encryption, signature, and hash algorithms, protocols, applications) provide the security required by the respective application field according to the state of the art. (5.1.1 Requirements (must) Bullet 1, Information Security Assessment, Version 5.1)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. (IA-7 Control, FedRAMP Security Controls High Baseline, Version 5)
  • Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. (IA-7 Control, FedRAMP Security Controls Low Baseline, Version 5)
  • Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. (IA-7 Control, FedRAMP Security Controls Moderate Baseline, Version 5)
  • Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. (IA-7 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. (IA-7 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. (IA-7 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Multi-factor authenticators used at AAL3 SHALL be hardware cryptographic modules validated at FIPS 140 Level 2 or higher overall with at least FIPS 140 Level 3 physical security. Singlefactor cryptographic devices used at AAL3 SHALL be validated at FIPS 140 Level 1 or higher overall with at least FI… (4.3.2 ¶ 2, Digital Identity Guidelines: Authentication and Lifecycle Management, NIST SP 800-63B)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control: Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control: High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control: Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization must implement cryptographic module authentication for Information Systems in compliance with applicable laws, policies, and standards for authentication. (App F § IA-7, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization must implement cryptographic modules for Information Systems in compliance with applicable laws, policies and standards for authentication. (App F § SC-13, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. (IA-7 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. (IA-7 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, TX-RAMP Security Controls Baseline Level 1)
  • The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. (IA-7 Control, TX-RAMP Security Controls Baseline Level 2)