NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-12(1) Availability

Maintain availability of information in the event of the loss of cryptographic keys by users.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Escrowing of encryption keys is a common practice for ensuring availability in the event of key loss. A forgotten passphrase is an example of losing a cryptographic key.

Practitioner Notes

Maintain the availability of your cryptographic keys — if you lose your keys, you lose access to all your encrypted data. Key backup and recovery are essential.

Example 1: Back up your BitLocker recovery keys to Active Directory. If a user forgets their PIN or a TPM fails, the recovery key stored in AD lets you unlock the drive. Verify backups are working by spot-checking that recovery keys are present for all encrypted machines.
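The spot-check in Example 1 carried out as an added PowerShell example (not part of the NIST text or of any Microsoft tooling): it lists active domain computers whose AD computer object has no msFVE-RecoveryInformation child object, which is where BitLocker escrows recovery keys. The workstation OU path and the 90-day activity window are assumptions; adjust them to your directory.

```powershell
# Added example: audit Active Directory for computers with no escrowed
# BitLocker recovery key. Requires the RSAT ActiveDirectory module and
# read access to computer objects and their msFVE-RecoveryInformation children.
Import-Module ActiveDirectory

function Get-BitLockerEscrowReport {
    param(
        # Assumed search base; replace with the OU holding your encrypted machines.
        [string]$SearchBase = 'OU=Workstations,DC=example,DC=com',
        # Machines that have not logged on within this window are treated as
        # retired rather than unprotected, so they do not pollute the report.
        [int]$StaleDays = 90
    )
    $cutoff = (Get-Date).AddDays(-$StaleDays)

    Get-ADComputer -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
                   -Properties lastLogonTimestamp |
        Where-Object {
            $_.lastLogonTimestamp -and
            [DateTime]::FromFileTime($_.lastLogonTimestamp) -gt $cutoff
        } |
        ForEach-Object {
            $computer = $_
            # Each escrowed recovery password is a msFVE-RecoveryInformation
            # object stored directly under the computer object (one per protector).
            $keys = @(Get-ADObject -SearchBase $computer.DistinguishedName `
                                   -SearchScope OneLevel `
                                   -LDAPFilter '(objectClass=msFVE-RecoveryInformation)' `
                                   -Properties whenCreated)
            $newest = ($keys | Sort-Object whenCreated -Descending |
                       Select-Object -First 1).whenCreated
            [PSCustomObject]@{
                ComputerName  = $computer.Name
                EscrowedKeys  = $keys.Count
                NewestEscrow  = $newest
                Status        = if ($keys.Count -eq 0) { 'MISSING' } else { 'OK' }
            }
        }
}

# Usage: the gap this control enhancement is about is every active machine
# with Status MISSING; Status OK with a very old NewestEscrow also deserves a
# second look, since the key may predate a re-encryption.
Get-BitLockerEscrowReport | Sort-Object Status, ComputerName | Format-Table -AutoSize
```

A machine reported as MISSING can re-escrow its existing protector from the endpoint with `manage-bde -protectors -adbackup C: -id <protector id>` once the policy to store recovery information in AD DS is in effect.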

Example 2: For your certificate authority, create an encrypted backup of the CA private key and store it in a physical safe at a secure offsite location. Document the recovery procedure and test it annually — you need to know you can restore the CA if your primary server is destroyed.