3.7 Ensure that security policies and operational procedures for managing vendor defaults and other security parameters are documented, in use, and known to all affected parties. (Maps to prior Requirement 12.2)
Illustrative Controls and the TIBCO LogLogic Solution
The encryption solution should not allow for or accept substitution of keys coming from unauthorized sources or unexpected processes.
Reports and Alerts
Use the link/reference to see the 3.7 reports and alerts: 3.7 on page 98.
