| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.KeyMgmt.CN01 | Alert on Key-version Changes | Generate near-real-time alerts when a KMS key version is disabled or scheduled for deletion, enabling rapid investigation and recovery. | Observability | 1 | 2 | 1 |
| CCC.KeyMgmt.CN02 | Limit Decrypt Permissions | Restrict the Decrypt operation to authorised principals only, applying the principle of least privilege to protect sensitive data. | Access | 1 | 2 | 1 |
| CCC.KeyMgmt.CN03 | Enforce Automatic Rotation | Ensure symmetric keys rotate automatically within policy intervals to reduce exposure of key material. | Encryption | 1 | 2 | 1 |
| CCC.KeyMgmt.CN04 | Validate Imported Keys | Accept only externally generated keys that meet approved cryptographic strength and provenance requirements. | Encryption | 1 | 2 | 1 |
Crypto / Key
Key Management Controls
Version: DEV