CCC.C11: Enforce Key Management Policies
Objective: Ensure that encryption keys are managed securely by enforcing the use of approved algorithms, regular key rotation, and customer-managed encryption keys (CMEKs).
Control Family: Encryption
Threats:

| ID | Title | Description |
|---|---|---|
| CCC.TH16 | Logging and Monitoring are Disabled | Logging and monitoring may be disabled, potentially hindering the detection of security events and reducing visibility into system activities. This condition can impact the organization's ability to investigate incidents and maintain operational integrity. |

NIST CSF: PR.DS-1
Control Mappings:
CCM: EKM-02, EKM-03
ISO_27001: 2013 A.10.1.2
NIST_800_53: SC-12, SC-17
Test Requirements:
CCC.C11.TR01: When encryption keys are used, the service MUST verify that all encryption keys use approved cryptographic algorithms as per organizational standards.
TLP: tlp_clear, tlp_green, tlp_amber, tlp_red
CCC.C11.TR02: When encryption keys are used, the service MUST verify that encryption keys are rotated at a frequency compliant with organizational policies.
TLP: tlp_clear, tlp_green, tlp_amber, tlp_red
CCC.C11.TR03: When encrypting data, the service MUST verify that customer-managed encryption keys (CMEKs) are used.
TLP: tlp_amber, tlp_red
CCC.C11.TR04: When encryption keys are accessed, the service MUST verify that access to encryption keys is restricted to authorized personnel and services, following the principle of least privilege.
TLP: tlp_amber, tlp_red
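The four test requirements above can be evaluated as a single policy check over key metadata. The following is an added example, not part of the CCC catalog: the approved-algorithm set, the 90-day rotation limit, the allowed principal prefixes and the sample key records are all constructed stand-ins for an organization's own standards and for whatever a provider's key-management API returns.

```python
from datetime import datetime, timedelta, timezone

# Constructed policy values standing in for "organizational standards".
APPROVED_ALGORITHMS = {"AES_256_GCM", "RSA_4096", "EC_P384"}
MAX_KEY_AGE = timedelta(days=90)
# Hypothetical principal prefixes that are allowed to hold key access (TR04).
ALLOWED_PRINCIPAL_PREFIXES = ("serviceAccount:", "group:kms-admins")
# Fixed evaluation time so results are reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def evaluate_key(key, now):
    """Return (test_id, finding) tuples for one key metadata record."""
    findings = []
    # TR01: every key must use an approved algorithm.
    if key["algorithm"] not in APPROVED_ALGORITHMS:
        findings.append(("CCC.C11.TR01", f"algorithm {key['algorithm']} is not approved"))
    # TR02: key age since last rotation must be within policy.
    age = now - key["last_rotated"]
    if age > MAX_KEY_AGE:
        findings.append(("CCC.C11.TR02", f"rotated {age.days} days ago, limit {MAX_KEY_AGE.days}"))
    # TR03: data must be protected by a customer-managed key, not a provider default.
    if key["managed_by"] != "customer":
        findings.append(("CCC.C11.TR03", "key is provider-managed; CMEK required"))
    # TR04: only expected service/admin principals may access the key.
    for principal in key["principals_with_access"]:
        if not principal.startswith(ALLOWED_PRINCIPAL_PREFIXES):
            findings.append(("CCC.C11.TR04", f"unexpected principal {principal}"))
    return findings


def evaluate_keys(keys, now=NOW):
    """Map each key name to its list of findings; an empty list means compliant."""
    return {key["name"]: evaluate_key(key, now) for key in keys}


# Constructed sample inventory: one compliant key, one that fails every requirement.
SAMPLE_KEYS = [
    {"name": "orders-db-key", "algorithm": "AES_256_GCM",
     "last_rotated": datetime(2024, 4, 15, tzinfo=timezone.utc), "managed_by": "customer",
     "principals_with_access": ["serviceAccount:orders-app"]},
    {"name": "legacy-backup-key", "algorithm": "AES_128_CBC",
     "last_rotated": datetime(2023, 11, 1, tzinfo=timezone.utc), "managed_by": "provider",
     "principals_with_access": ["user:alice@example.com", "serviceAccount:backup-job"]},
]

if __name__ == "__main__":
    for name, findings in evaluate_keys(SAMPLE_KEYS).items():
        print(name, "OK" if not findings else findings)
```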