CRY-03 Encryption Key Storage

>Control Description

Encryption keys are securely stored in an approved encryption platform.

Theme: Process

Type: Preventive

Policy/Standard: Key Management Policy

>Implementation Guidance

1. Ensure that the key management standard includes management operations using one of the listed options below, for encrypting and decrypting cardholder data:
   - Key-encrypting key is at least as strong as the data-encrypting key and is stored separately from the data-encrypting key
   - Stored within a cryptographic device
   - Keys are stored as at least two full-length key components or key shares

>Testing Procedure

1. Inspect and review the key management standard to ensure that the management operations are using one of the listed options below, for encrypting and decrypting cardholder data:
   - Key-encrypting key is at least as strong as the data-encrypting key and is stored separately from the data-encrypting key
   - Stored within a cryptographic device
   - Keys are stored as at least two full-length key components or key shares
2. Inspect the process and validate that one of the above methods is being used to protect the keys.

>Audit Artifacts

E-CRY-04

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
