CRY-10—Full Disk Encryption Access

>Control Description

Where full disk encryption is used, logical access must be managed independently of operating system authentication; decryption keys must not be associated with user accounts.

Theme

Process

Type

Preventive

Policy/Standard

Access Management Procedure

>Implementation Guidance

1. Ensure that the decryption keys are stored in a Trusted Platform Module (TPM). 2. Ensure that the decryption keys are not stored as plain text in insecure storage locations.

>Testing Procedure

1. Confirm that the decryption keys are stored in a Trusted Platform Module (TPM). 2. Confirm that the decryption keys are not stored as plain text in insecure storage locations.

>Audit Artifacts

E-CRY-19

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

Ask AI

Configure your API key to use AI features.

>Control Description

Theme

Type

Policy/Standard

>Implementation Guidance

>Testing Procedure

>Audit Artifacts

>Framework Mappings

FedRAMP Rev 51

PCI DSS2

TX-RAMP1

Ask AI

FedRAMP Rev 5
1

PCI DSS
2

TX-RAMP
1