CCC.C11: Enforce Key Management Policies
Objective: Ensure that encryption keys are managed securely by enforcing the use of approved algorithms, regular key rotation, and customer-managed encryption keys (CMEKs).
Control Family:
Encryption
NIST CSF:
PR.DS-1
Control Mappings
CCM:
EKM-02
EKM-03
ISO_27001:
2013 A.10.1.2
NIST_800_53:
SC-12
SC-17
Test Requirements
CCC.C11.TR01: When encryption keys are used, the service MUST verify that all encryption keys use approved cryptographic algorithms as per organizational standards.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
CCC.C11.TR02: When encryption keys are used, the service MUST verify that encryption keys are rotated at a frequency compliant with organizational policies.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
CCC.C11.TR03: When encrypting data, the service MUST verify that customer-managed encryption keys (CMEKs) are used.
TLP:
tlp_amber
tlp_red
CCC.C11.TR04: When encryption keys are accessed, the service MUST verify that access to encryption keys is restricted to authorized personnel and services, following the principle of least privilege.
TLP:
tlp_amber
tlp_red
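The four test requirements above describe checks a compliance scanner can run over a KMS key inventory. The following is an added example, not part of the CCC control text and not CCC project code, showing one way to evaluate exported key metadata against TR01 to TR04. The policy values (the approved-algorithm set, the 365-day rotation limit, the authorized-principal allowlist), the KeyRecord shape and the sample inventory are all assumptions constructed for the example; an organization would substitute its own standards and feed in real inventory data. TR04 is approximated as an allowlist subset check, which is a simplification of a least-privilege review.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Policy parameters: assumed values for this example, replace with your organizational standard.
APPROVED_ALGORITHMS = {"AES-256-GCM", "RSA-3072", "RSA-4096", "ECDSA-P256", "ECDSA-P384"}
MAX_ROTATION_AGE = timedelta(days=365)
AUTHORIZED_PRINCIPALS = {"role/kms-admin", "service/object-storage"}


@dataclass
class KeyRecord:
    """Minimal key metadata as a KMS inventory export might provide it (assumed shape)."""
    key_id: str
    algorithm: str
    last_rotated: datetime
    customer_managed: bool
    principals: frozenset = field(default_factory=frozenset)


def evaluate_key(key: KeyRecord, now: datetime) -> list:
    """Return the CCC.C11 test requirement IDs that this key fails."""
    failures = []
    # TR01: algorithm must be on the approved list.
    if key.algorithm not in APPROVED_ALGORITHMS:
        failures.append("TR01")
    # TR02: key must have been rotated within the policy window.
    if now - key.last_rotated > MAX_ROTATION_AGE:
        failures.append("TR02")
    # TR03: key must be customer-managed, not provider-managed.
    if not key.customer_managed:
        failures.append("TR03")
    # TR04: every principal with access must be on the authorized allowlist
    # (a subset check standing in for a fuller least-privilege review).
    if not key.principals <= AUTHORIZED_PRINCIPALS:
        failures.append("TR04")
    return failures


def evaluate_inventory(keys, now: datetime) -> dict:
    """Map each key ID to its list of failed test requirements."""
    return {k.key_id: evaluate_key(k, now) for k in keys}


# Constructed sample inventory: one compliant key, one with a weak and stale key,
# one provider-managed key with an unauthorized principal.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    KeyRecord("key-compliant", "AES-256-GCM", NOW - timedelta(days=90), True,
              frozenset({"service/object-storage"})),
    KeyRecord("key-stale-weak", "RSA-1024", NOW - timedelta(days=800), True,
              frozenset({"role/kms-admin"})),
    KeyRecord("key-provider-open", "AES-256-GCM", NOW - timedelta(days=30), False,
              frozenset({"role/kms-admin", "user/contractor"})),
]


def compliance_summary(keys=SAMPLE_INVENTORY, now=NOW) -> dict:
    """Human-readable PASS/FAIL status per key, listing the failed requirement IDs."""
    results = evaluate_inventory(keys, now)
    return {kid: ("PASS" if not f else "FAIL " + ",".join(f)) for kid, f in results.items()}


if __name__ == "__main__":
    for kid, status in compliance_summary().items():
        print(f"{kid}: {status}")
```

Running the script reports the compliant key as PASS, the stale RSA-1024 key as failing TR01 and TR02, and the provider-managed key with a contractor principal as failing TR03 and TR04. The per-requirement failure list is what an auditor would want attached to each finding, since each ID maps back to a specific control statement.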