Skip to main content
CRY

Cryptographic Protections

29 controls

Utilize appropriate cryptographic solutions and industry-recognized key management practices to protect the confidentiality and integrity of sensitive/regulated data both at rest and in transit.

SCF # Control Name Weight NIST CSF Frameworks
CRY-01 Use of Cryptographic Controls 10 — Critical Govern 122
CRY-01.1 Alternate Physical Protection 5 — Medium Protect 38
CRY-01.2 Export-Controlled Cryptography 5 — Medium Protect 37
CRY-01.3 Pre/Post Transmission Handling 5 — Medium Protect 6
CRY-01.4 Conceal / Randomize Communications 5 — Medium Protect 3
CRY-01.5 Cryptographic Cipher Suites and Protocols Inventory 9 — Critical Protect 8
CRY-02 Cryptographic Module Authentication 8 — High Protect 44
CRY-03 Transmission Confidentiality 10 — Critical Protect 104
CRY-04 Transmission Integrity 10 — Critical Protect 62
CRY-05 Encrypting Data At Rest 10 — Critical Protect 97
CRY-05.1 Storage Media 8 — High Protect 21
CRY-05.2 Offline Storage 5 — Medium Protect 4
CRY-05.3 Database Encryption 8 — High Protect 1
CRY-06 Non-Console Administrative Access 9 — Critical Protect 12
CRY-07 Wireless Access Authentication & Encryption 9 — Critical Protect 58
CRY-08 Public Key Infrastructure (PKI) 9 — Critical Protect 53
CRY-08.1 Availability 9 — Critical Recover 4
CRY-09 Cryptographic Key Management 10 — Critical Protect 44
CRY-09.1 Symmetric Keys 9 — Critical Protect 13
CRY-09.2 Asymmetric Keys 9 — Critical Protect 10
CRY-09.3 Cryptographic Key Loss or Change 8 — High Protect 30
CRY-09.4 Control & Distribution of Cryptographic Keys 9 — Critical Protect 16
CRY-09.5 Assigned Owners 8 — High Protect 1
CRY-09.6 Third-Party Cryptographic Keys 7 — High Protect 4
CRY-09.7 External System Cryptographic Key Control 5 — Medium Protect 5
CRY-10 Transmission of Cybersecurity & Data Protection Attributes 5 — Medium Protect 5
CRY-11 Certificate Authorities 8 — High Protect 6
CRY-12 Certificate Monitoring 5 — Medium Protect 3
CRY-13 Cryptographic Hash 5 — Medium Protect 3

The Secure Controls Framework (SCF) is maintained by SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.

Manage SCF Controls in SCF Connect

Streamline your compliance program with automated control tracking, evidence management, and framework mapping.

Get Started Free