myctrl.tools

SC-13 Cryptographic Protection

Baselines: LOW, MODERATE, HIGH

>Control Description

a. Determine the organization-defined cryptographic uses; and

b. Implement the following types of cryptography required for each specified cryptographic use: [organization-defined types of cryptography for each specified cryptographic use].

>Control Enhancements (4)

>Cross-Framework Mappings

>Programmatic Queries (Beta)

Related Services

KMS
ACM
S3 Encryption

CLI Commands

Check S3 default encryption:
  aws s3api get-bucket-encryption --bucket BUCKET_NAME

List KMS key algorithms:
  aws kms describe-key --key-id KEY_ID --query 'KeyMetadata.{Algorithm:KeySpec,Usage:KeyUsage}'

Check EBS encryption default:
  aws ec2 get-ebs-encryption-by-default

Verify RDS encryption:
  aws rds describe-db-instances --query 'DBInstances[*].{Id:DBInstanceIdentifier,Encrypted:StorageEncrypted,KmsKey:KmsKeyId}'
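The four commands above only print JSON; deciding whether that output satisfies SC-13 still has to be done by hand. The script below is an added example (not code from myctrl.tools or from AWS) that evaluates the output of each command against the control: an allow list of key specs and SSE algorithms stands in for the organization-defined types of cryptography in part (a), and the four check functions verify part (b). The JSON samples are constructed to mirror the shape each command prints; the account id, key id, bucket and instance names are placeholders, and the allow lists are assumptions to be replaced with your own cryptographic-use decisions.

```python
"""Evaluate SC-13 verification output from the four AWS CLI checks.

Added example, not code from myctrl.tools or AWS. The JSON samples are
constructed; the allow lists are assumptions standing in for the
organization-defined types of cryptography in SC-13 part (a).
"""
import json

# Constructed output of: aws s3api get-bucket-encryption --bucket BUCKET_NAME
S3_ENCRYPTION_OUTPUT = json.dumps({
    "ServerSideEncryptionConfiguration": {
        "Rules": [{
            "ApplyServerSideEncryptionByDefault": {
                "SSEAlgorithm": "aws:kms",
                "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
            },
            "BucketKeyEnabled": True,
        }]
    }
})

# Constructed output of: aws kms describe-key --key-id KEY_ID --query '...'
KMS_KEY_OUTPUT = json.dumps({"Algorithm": "SYMMETRIC_DEFAULT", "Usage": "ENCRYPT_DECRYPT"})

# Constructed output of: aws ec2 get-ebs-encryption-by-default
EBS_DEFAULT_OUTPUT = json.dumps({"EbsEncryptionByDefault": False})

# Constructed output of: aws rds describe-db-instances --query '...'
RDS_OUTPUT = json.dumps([
    {"Id": "prod-orders-db", "Encrypted": True,
     "KmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    {"Id": "legacy-reports-db", "Encrypted": False, "KmsKey": None},
])

# Assumed organization-defined allow list (SC-13a): KMS key specs backed by
# AES-256, RSA of at least 2048 bits, or the NIST P-curves.
APPROVED_KEY_SPECS = {
    "SYMMETRIC_DEFAULT", "RSA_2048", "RSA_3072", "RSA_4096",
    "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521",
}
# Assumed allow list of S3 default-encryption algorithms (SSE-S3 and SSE-KMS).
APPROVED_SSE_ALGORITHMS = {"AES256", "aws:kms"}


def check_s3(output: str) -> list[str]:
    """Flag a bucket whose default encryption rule is missing or uses an unapproved algorithm."""
    rules = json.loads(output)["ServerSideEncryptionConfiguration"]["Rules"]
    findings = []
    if not rules:
        findings.append("S3: no default encryption rule configured")
    for rule in rules:
        algo = rule["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"]
        if algo not in APPROVED_SSE_ALGORITHMS:
            findings.append(f"S3: default encryption uses unapproved algorithm {algo}")
    return findings


def check_kms(output: str, expected_usage: str = "ENCRYPT_DECRYPT") -> list[str]:
    """Flag a key whose spec is outside the allow list or whose usage does not match the intended use."""
    key = json.loads(output)
    findings = []
    if key["Algorithm"] not in APPROVED_KEY_SPECS:
        findings.append(f"KMS: key spec {key['Algorithm']} is not an approved type")
    if key["Usage"] != expected_usage:
        findings.append(f"KMS: key usage {key['Usage']} does not match expected {expected_usage}")
    return findings


def check_ebs(output: str) -> list[str]:
    """Flag a region where new EBS volumes are not encrypted by default."""
    if json.loads(output)["EbsEncryptionByDefault"]:
        return []
    return ["EBS: encryption by default is disabled for this region"]


def check_rds(output: str) -> list[str]:
    """Flag every RDS instance whose storage is not encrypted."""
    return [f"RDS: instance {db['Id']} has unencrypted storage"
            for db in json.loads(output) if not db["Encrypted"]]


def sc13_findings() -> dict[str, list[str]]:
    """Run all four checks on the constructed samples; an empty list means no finding."""
    return {
        "s3": check_s3(S3_ENCRYPTION_OUTPUT),
        "kms": check_kms(KMS_KEY_OUTPUT),
        "ebs": check_ebs(EBS_DEFAULT_OUTPUT),
        "rds": check_rds(RDS_OUTPUT),
    }


if __name__ == "__main__":
    for service, findings in sc13_findings().items():
        print(service, "OK" if not findings else findings)
```

In use, each constant would be replaced by the captured stdout of the corresponding command (for example `subprocess.run([...], capture_output=True)`), and the `expected_usage` argument lets the same KMS check confirm that a key intended for digital signatures reports `SIGN_VERIFY` rather than `ENCRYPT_DECRYPT`. Note that `get-bucket-encryption` exits non-zero rather than returning an empty rule list when a bucket has no configuration, so the caller has to treat that error as a finding too.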

>Relevant Technologies

Technology-specific guidance with authoritative sources and verification commands.

>Supplemental Guidance

Cryptography can be employed to support a variety of security solutions, including the protection of classified information and controlled unclassified information, the provision and implementation of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances but lack the necessary formal access approvals. Cryptography can also be used to support random number and hash generation. Generally applicable cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography.

For example, organizations that need to protect classified information may specify the use of NSA-approved cryptography. Organizations that need to provision and implement digital signatures may specify the use of FIPS-validated cryptography. Cryptography is implemented in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the implementation of cryptographic protection?
  • How are system and communications protection requirements defined and maintained?
  • Who is responsible for configuring and maintaining the security controls specified in SC-13?
  • What is your cryptographic key management policy?

Technical Implementation:

  • How is cryptographic protection technically implemented in your environment?
  • What systems, tools, or configurations enforce this protection requirement?
  • How do you ensure that cryptographic protection remains effective as the system evolves?
  • What encryption mechanisms and algorithms are used to protect data?
  • How is separation of duties or partitioning technically enforced?

Evidence & Documentation:

  • What documentation demonstrates the implementation of SC-13?
  • Can you provide configuration evidence or system diagrams showing this protection control?
  • What logs or monitoring data verify that this control is functioning correctly?
  • Can you demonstrate that FIPS 140-2 validated cryptography is used?
