| ID | Title | Objective |
|---|---|---|
| CCC.KeyMgmt.CN01 | Alert on Key-version Changes | Generate near-real-time alerts when a KMS key version is disabled or scheduled for deletion, enabling rapid investigation and recovery. |
| CCC.KeyMgmt.CN02 | Limit Decrypt Permissions | Restrict the Decrypt operation to authorised principals only, applying the principle of least privilege to protect sensitive data. |
| CCC.KeyMgmt.CN03 | Enforce Automatic Rotation | Ensure symmetric keys rotate automatically within policy intervals to reduce exposure of key material. |
| CCC.KeyMgmt.CN04 | Validate Imported Keys | Accept only externally generated keys that meet approved cryptographic strength and provenance requirements. |
Crypto / Key
Controls
Version: