The control requires the protection of authenticators at the system level. For spacecraft, secrets fall into three groups: symmetric COMSEC keys, asymmetric device certificates, and user credentials stored for interactive logins during ground tests. Keys reside in a certified crypto module that provides tamper detection and zeroization. Certificates are cached in radiation-hardened, non-volatile memory and are verified by checksum at each boot. Any temporary password files used during integration are erased before launch. Update commands carrying new keys are wrapped in a signed, encrypted loader and can be applied only in safe configuration mode, preventing accidental overwrite during nominal operations.
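The boot-time certificate check and the safe-mode gate on key updates, sketched as an added example (not flight code and not part of the original text). It assumes a SHA-256 digest as the checksum, an HMAC-SHA256 tag standing in for the loader's signature, and a hypothetical loader layout of `slot || wrapped_key || tag`; all function and variable names are illustrative.

```python
import hashlib
import hmac
from enum import Enum

class Mode(Enum):
    NOMINAL = 1
    SAFE = 2

TAG_LEN = 32  # HMAC-SHA256 tag, standing in for the loader's signature (assumption)

def corrupted_certs(cache):
    """Boot check: names of cached certificates whose stored digest no longer matches."""
    return sorted(name for name, (blob, digest) in cache.items()
                  if not hmac.compare_digest(hashlib.sha256(blob).digest(), digest))

def apply_key_update(slots, mode, auth_key, loader):
    """Validate a loader laid out as slot(1) || wrapped_key || tag(32); return (ok, reason)."""
    if len(loader) < 1 + 1 + TAG_LEN:
        return False, "malformed"
    body, tag = loader[:-TAG_LEN], loader[-TAG_LEN:]
    # Authenticate before looking at mode: a bad tag is a security event,
    # a valid update outside safe mode is an operations error. Log them apart.
    if not hmac.compare_digest(hmac.new(auth_key, body, hashlib.sha256).digest(), tag):
        return False, "bad-authenticator"
    if mode is not Mode.SAFE:
        return False, "not-in-safe-mode"
    slot = body[0]
    if slot not in slots:
        return False, "unknown-slot"
    slots[slot] = body[1:]  # stays wrapped; decryption belongs inside the crypto module
    return True, "applied"

def make_loader(auth_key, slot, wrapped_key):
    """Ground-side helper (constructed for this example) that builds a loader."""
    body = bytes([slot]) + wrapped_key
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()

if __name__ == "__main__":
    auth_key = b"constructed-test-key"  # constructed sample value
    slots = {1: b"old-wrapped-key"}
    loader = make_loader(auth_key, 1, b"new-wrapped-key")
    print(apply_key_update(slots, Mode.NOMINAL, auth_key, loader))         # rejected by mode gate
    print(apply_key_update(slots, Mode.SAFE, auth_key, b"\x02" + loader[1:]))  # tampered slot byte
    print(apply_key_update(slots, Mode.SAFE, auth_key, loader))            # accepted
    cert = b"constructed-cert-bytes"
    good = hashlib.sha256(cert).digest()
    print(corrupted_certs({"bus": (cert, good), "payload": (cert + b"\x01", good)}))
```

Keeping the rejection reasons distinct lets ground operators tell a mis-sequenced but authentic update apart from a loader that failed authentication.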