>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

CRY-04Clear Text Key Management

>Control Description

If applicable, manual clear-text cryptographic key-management operations must be managed using split knowledge and dual control.

Theme

Process

Type

Preventive

Policy/Standard

Cryptographic Management Policy

>Implementation Guidance

1. Ensure that the key management standard includes guidance on management operations being managed using split knowledge and dual controls. 2. Establish a key custodian acknowledgement form. 3. Ensure that when split knowledge is in place, both key components are 2 full keys, not 1 key split into 2 components.

>Testing Procedure

1. Inspect and review the key management standard, to ensure that the management operations are managed using split knowledge and dual controls. 2. Observe and confirm a sample key custodian acknowledgement form. 3. Inspect that if split knowledge is in place both key components are 2 full keys, not 1 key split into 2 components.

>Audit Artifacts

E-CRY-04
E-CRY-05

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

PCI DSS
1

3.7.6

Ask AI

Configure your API key to use AI features.