The information resource implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, state laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.


  • The information resource owner, or designee, is responsible for ensuring that all requirements of this control are satisfied.


  • It is the responsibility of the information resource owner, or designee, to ensure encryption mechanisms used on information resources comply with, at a minimum, federal standard FIPS 140-2.