DS5.8 Cryptographic Key Management
Design and implement policies and procedures to govern cryptographic key management. These policies and procedures must include topics such as key generation, revocation, distribution, use, and escrow.
Illustrative Controls and the TIBCO LogLogic Solution
Since encryption is typically employed for an organization’s most valuable systems and data, the secure management of these encryption keys is critical to maintaining the confidentiality, integrity, and availability of this data.
To satisfy this control objective, the organization must ensure that key management policies and procedures are appropriate for the sensitivity of the data being encrypted. Logging and monitoring of key management activities should be implemented to help ensure the security and integrity of the key management process.