Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and specify appropriate options, parameters, and levels. Organizations manage trust stores to ensure that only approved trust anchors are part of such trust stores. This includes certificates with visibility external to organizational systems and certificates related to the internal operations of systems. NIST CMVP and NIST CAVP provide additional information on validated cryptographic modules and algorithms that can be used in cryptographic key management and establishment.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1072 | Software Deployment Tools |
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1098.004 | SSH Authorized Keys |
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1552 | Unsecured Credentials |
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1552.001 | Credentials In Files |
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1552.002 | Credentials in Registry |
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1552.004 | Private Keys |
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1563.001 | SSH Hijacking |
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1573 | Encrypted Channel |
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1573.001 | Symmetric Cryptography |
| SC-12 | Cryptographic Key Establishment and Management | Protects | T1573.002 | Asymmetric Cryptography |