Encryption keys may be used by an unauthorized entity due to inadequate key management practices or the compromise of a connected system. This could lead to the decryption of sensitive data, impacting its confidentiality and integrity.
Core / Ccc / Threats / DEV
Encryption Key is Misused
CCC.Core.TH18
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP01 | Encryption in Transit Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to transmission via a network interface. |
| CCC.Core.CP02 | Encryption at Rest Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to being written to a storage medium. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.Core.CN13 | Minimize Lifetime of Encryption and Authentication Certificates | Ensure that encryption and authentication certificates have a limited lifetime to reduce the risk of compromise and ensure the use of up-to-date security practices. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| MITRE-ATT&CK | T1555.006 | Credentials from Password Stores: Cloud Secrets Management Stores |