800-53|CM-3(6)

Title

CRYPTOGRAPHY MANAGEMENT

Description

The organization ensures that cryptographic mechanisms used to provide [Assignment: organization-defined security safeguards] are under configuration management.

Supplemental

Regardless of the cryptographic means employed (e.g., public key, private key, shared secrets), organizations ensure that there are processes and procedures in place to effectively manage those means. For example, if devices use certificates as a basis for identification and authentication, there needs to be a process in place to address the expiration of those certificates.

Reference Item Details

Related: SC-13

Category: CONFIGURATION MANAGEMENT

Parent Title: CONFIGURATION CHANGE CONTROL

Family: CONFIGURATION MANAGEMENT

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.3.6 Ensure that the RotateKubeletServerCertificate argument is set to true | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L2 Master |
| 1.3.6 Ensure that the RotateKubeletServerCertificate argument is set to true | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.3.6 Ensure that the RotateKubeletServerCertificate argument is set to true | Unix | CIS Kubernetes Benchmark v1.5.1 L2 |
| 1.3.7 Ensure that the RotateKubeletServerCertificate argument is set to true | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed | amazon_aws | CIS Amazon Web Services Foundations L1 1.3.0 |
| 2.1.13 Ensure that the --rotate-certificates argument is not set to false | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 2.5 Ensure Non-Default, Unique Cryptographic Material is in Use | Unix | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 |
| 2.5 Ensure Non-Default, Unique Cryptographic Material is in Use | Unix | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 |
| 2.6 Ensure Non-Default, Unique Cryptographic Material is in Use | Unix | CIS MySQL 8.0 Community Linux OS L1 v1.0.0 |
| 2.6 Ensure Non-Default, Unique Cryptographic Material is in Use | Unix | CIS MySQL 8.0 Enterprise Linux OS L1 v1.3.0 |
| 3.8 Ensure rotation for customer created CMKs is enabled | amazon_aws | CIS Amazon Web Services Foundations L2 1.3.0 |
| 4.2.11 Ensure that the --rotate-certificates argument is not set to false | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Worker |
| 4.2.11 Ensure that the --rotate-certificates argument is not set to false | Unix | CIS Kubernetes Benchmark v1.5.1 L1 |