Ensure symmetric keys rotate automatically within policy intervals to reduce exposure of key material.
Crypto / Key / Controls / DEV
Enforce Automatic Rotation
CCC.KeyMgmt.CN03 · Encryption
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.KeyMgmt.CP20 | Automatic Symmetric Key Rotation | Supports the ability to automatically rotate a managed symmetric key as long as the key was generated within the KMS. |
| CCC.KeyMgmt.CP21 | Manual Key Rotation | Supports the ability to manually rotate a managed key. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.KeyMgmt.TH03 | Key Rotation is Disabled or Delayed Beyond Policy Limits | Modification of automatic or manual rotation settings can keep older key material active longer than intended, decreasing cryptographic resilience and extending exposure in the event of key compromise. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.KeyMgmt.CN03.AR01 | When rotation settings are examined, rotation MUST be enabled with an interval not exceeding 365 days. | tlp-green |