CHG-02.5 ยท Cryptographic Management

Control Description

Mechanisms exist to govern assets involved in providing cryptographic protections according to the organization's configuration management processes.

Control Question
Assessment question for control validation

Does the organization govern assets involved in providing cryptographic protections according to its configuration management processes?

Control Weighting
5
Validation Cadence
Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical