Notice

01/10/2025: Due to sustained inclement winter weather conditions, all Tarleton State University campuses will remain closed with alternative work locations for employees Friday, Jan. 10. More Information

SC-12: Cryptographic Key Establishment and Management

NIST Baseline: Low

DIR Required By: 01/20/2023

Review Date: 08/08/2024

The information resource owner, or designee, is responsible for:
- Managing cryptographic keys using automated mechanisms with supporting procedures where feasible.
  - When automated mechanisms are not feasible, manual key management may be used along with sufficient supporting procedures and documentation.
- Appropriately securing public and private keys.
- Maintaining the availability of information in the event of the loss of cryptographic keys by users.
  - Recovery of encryption keys should be part of business continuity planning except when data is only used by a single individual (e.g., a faculty member’s grade book working copy).

References/Additional Resources