SC-28(3)
Cryptographic Keys
System and Communications Protection
NIST Control Text
Provide protected storage for cryptographic keys [Selection: [Assignment: organization-defined safeguards]; hardware-protected key store].
NIST Discussion
A Trusted Platform Module (TPM) is an example of a hardware-protected data store that can be used to protect cryptographic keys.
Parameter Values
Selection: Hardware-protected key store
SL5 Supplemental Guidance
AI accelerators within Weight Enclaves provide a dedicated secure element for cryptographic keys used in encrypted data paths and attestation. The host system cannot access this key storage.
Hardware-provisioned identity keys (e.g., e-fuse keys embedded during manufacturing) serve as the accelerator’s unforgeable identity, enabling the accelerator to prove its identity to remote parties.