Key Management
Key Management Service is a tool provided by cloud service providers to securely create, store, and manage cryptographic keys used to encrypt and decrypt sensitive data.
Release Details
Version: DEV
Assurance Level:
Release Manager: Development Build
Contributors
Development Team
Change Log
- Development build - no formal changelog available
Capabilities
ID | Title | Description | Threat Mappings |
---|---|---|---|
CCC.KeyMgmt.F01 | AES-256 | Support for the AES-256 Advanced Encryption Standard with a 256-bit key for encryption and decryption. | 0 |
CCC.KeyMgmt.F02 | RSA-2048 | Supports the RSA algorithm with a key size of 2048 bits for encryption and digital signatures. | 0 |
CCC.KeyMgmt.F03 | RSA-3072 | Supports the RSA algorithm with a key size of 3072 bits for encryption and digital signatures. | 0 |
CCC.KeyMgmt.F04 | RSA-4096 | Supports the RSA algorithm with a key size of 4096 bits for encryption and digital signatures. | 0 |
CCC.KeyMgmt.F05 | EC-P256 | Supports the elliptic curve signing algorithm using the P-256 Curve for digital signatures. | 0 |
CCC.KeyMgmt.F06 | EC-P256K | Supports the elliptic curve signing algorithm using the Secp256k1 Curve for digital signatures. | 0 |
CCC.KeyMgmt.F07 | EC-P384 | Supports the elliptic curve signing algorithm using the P-384 Curve for digital signatures. | 0 |
CCC.KeyMgmt.F08 | Key Creation | Supports secure key creation within the key management service using the supported algorithms. | 0 |
CCC.KeyMgmt.F09 | Encrypt data | Provides the ability to securely encrypt data using a managed key in the supported encryption algorithms. | 0 |
CCC.KeyMgmt.F10 | Decrypt data | Provides the ability to securely decrypt data using a managed key in the supported encryption algorithms. | 1 |
CCC.KeyMgmt.F11 | Create Digital Signature | Supports the generation of a digital signature for data using the supported signing algorithms. | 0 |
CCC.KeyMgmt.F12 | Verify Digital Signature | Supports the verification of the digital signature of some data using the supported signing algorithms. | 0 |
CCC.KeyMgmt.F13 | Supports FIPS 140-2 Level 3 | Supports FIPS 140-2 Level 3 certified Hardware Security Modules (HSM). | 0 |
CCC.KeyMgmt.F14 | Key Versioning | Provides the ability to manage multiple versions of a key. | 1 |
CCC.KeyMgmt.F15 | Key label | Supports the ability to tag a managed key with user defined labels. | 0 |
CCC.KeyMgmt.F16 | Disable key | Supports the ability to disable a managed key without deletion. | 1 |
CCC.KeyMgmt.F17 | Enable key | Supports the ability to re-enable a disabled managed key. | 1 |
CCC.KeyMgmt.F18 | Soft Delete | Supports the ability to prevent the immediate deletion of a managed key. This includes the ability to recover accidental deletion of keys within a grace period. | 1 |
CCC.KeyMgmt.F19 | Delete Key | Supports the ability to permanently delete a managed key after the grace period defined on soft delete. | 1 |
CCC.KeyMgmt.F20 | Automatic Symmetric Key Rotation | Supports the ability to automatically rotate a managed symmetric key as long as the key was generated within the KMS. | 1 |
CCC.KeyMgmt.F21 | Manual Key Rotation | Supports the ability to manually rotate a managed key. | 1 |
CCC.KeyMgmt.F22 | Key Import | Supports the ability to import externally generated keys into the KMS. | 1 |
CCC.KeyMgmt.F23 | Key Expiry | Supports the ability to set an expiration date for a key. | 0 |
CCC.KeyMgmt.F24 | Key Replication | Supports the ability to securely replicate a key across different regions using automated or manual processes. | 0 |
CCC.Core.F01 | Encryption in Transit Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to transmission via a network interface. | 0 |
CCC.Core.F02 | Encryption at Rest Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to being written to a storage medium. | 0 |
CCC.Core.F03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. | 0 |
CCC.Core.F06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. | 1 |
CCC.Core.F07 | Event Publication | The service automatically publishes a structured state-change record upon creation, deletion, or modification of data, configuration, components, or child resources. | 0 |
CCC.Core.F08 | Data Replication | The service automatically replicates data across multiple deployments simultaneously with parity, or may be configured to do so. | 0 |
CCC.Core.F09 | Metrics Publication | The service automatically publishes structured, numeric, time-series data points related to the performance, availability, and health of the service or its child resources. | 0 |
CCC.Core.F10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. | 0 |
CCC.Core.F14 | API Access | The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE. | 0 |
Threats
ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
---|---|---|---|---|---|
CCC.KeyMgmt.TH01 | Deletion or Disabling of Key Versions Causing Denial of Service or Data Loss | Disabling, scheduling deletion, or permanently purging KMS key versions that protect sensitive data can prevent required decryption or signing operations. Service interruption or irreversible data loss may occur if the key material is no longer recoverable. | 1 | 1 | 1 |
CCC.KeyMgmt.TH02 | Unrestricted Use of a KMS Key to Decrypt Data | Misconfigured permissions that allow broad invocation of the Decrypt API can expose plaintext data, enabling unintended disclosure or exfiltration of sensitive information. | 1 | 1 | 1 |
CCC.KeyMgmt.TH03 | Key Rotation is Disabled or Delayed Beyond Policy Limits | Modification of automatic or manual rotation settings can keep older key material active longer than intended, decreasing cryptographic resilience and extending exposure in the event of key compromise. | 1 | 1 | 1 |
CCC.KeyMgmt.TH04 | Introduction of Weak or Compromised Key Material During Import | Insufficient validation during the key-import process may allow weak, back-doored, or otherwise compromised key material to be introduced, reducing the overall strength of subsequent cryptographic operations. | 1 | 1 | 1 |
CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. | 1 | 1 | 4 |
CCC.Core.TH04 | Data is Replicated to Untrusted or External Locations | Systems are susceptible to unauthorized access or interception by actors with political or physical control over the network in which they are deployed. Confidentiality may be impacted if the data is replicated to a network where the geopolitical status is untrusted, unstable, or insecure. | 1 | 1 | 1 |
CCC.Core.TH12 | Resource Constraints are Exhausted | Exceeding the resource constraints through excessive consumption, resource-intensive operations, or lowering of rate-limit thresholds can impact the availability of elements such as memory, CPU, or storage. This may disrupt availability of the service or child resources by denying the associated functionality to users. If the impacted system is not designed to expect such a failure, the effect could also cascade to other services and resources. | 1 | 1 | 0 |
CCC.Core.TH13 | Resource Tags are Manipulated | When resource tags are altered, it can lead to misclassification or mismanagement of resources. This can reduce the efficacy of organizational policies, billing rules, or network access rules. Such changes could cause compromised confidentiality, integrity, or availability of the system and its data. | 1 | 1 | 0 |
Controls
ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
---|---|---|---|---|---|---|
CCC.KeyMgmt.C01 | Alert on Key-version Changes | Generate near-real-time alerts when a KMS key version is disabled or scheduled for deletion, enabling rapid investigation and recovery. | Logging and Metrics Publication | 1 | 2 | 1 |
CCC.KeyMgmt.C02 | Limit Decrypt Permissions | Restrict the Decrypt operation to authorised principals only, applying the principle of least privilege to protect sensitive data. | Identity and Access Management | 1 | 2 | 1 |
CCC.Core.C03 | Implement Multi-factor Authentication (MFA) for Access | Ensure that all sensitive activities require two or more identity factors during authentication to prevent unauthorized access. | Identity and Access Management | 1 | 6 | 4 |
CCC.Core.C05 | Prevent Access from Untrusted Entities | Ensure that secure access controls enforce the principle of least privilege to restrict access to authorized entities from explicitly trusted sources only. | Identity and Access Management | 1 | 8 | 6 |
CCC.KeyMgmt.C03 | Enforce Automatic Rotation | Ensure symmetric keys rotate automatically within policy intervals to reduce exposure of key material. | Key Lifecycle Management | 1 | 2 | 1 |
CCC.KeyMgmt.C04 | Validate Imported Keys | Accept only externally generated keys that meet approved cryptographic strength and provenance requirements. | Key Lifecycle Management | 1 | 2 | 1 |
CCC.Core.C01 | Encrypt Data for Transmission | Ensure that all communications are encrypted in transit to protect data integrity and confidentiality. | Data | 1 | 8 | 5 |
CCC.Core.C02 | Encrypt Data for Storage | Ensure that all data stored is encrypted at rest using strong encryption algorithms. | Data | 1 | 7 | 1 |
CCC.Core.C06 | Restrict Deployments to Trust Perimeter | Ensure that the service and its child resources are only deployed on infrastructure in locations that are explicitly included within a defined trust perimeter. | Data | 1 | 4 | 2 |
CCC.Core.C10 | Restrict Data Replication to Trust Perimeter | Ensure that data is only replicated on infrastructure in locations that are explicitly included within a defined trust perimeter. | Data | 1 | 4 | 1 |
CCC.Core.C04 | Log All Access and Changes | Ensure that all access attempts are logged to maintain a detailed audit trail for security and compliance purposes. | Logging & Monitoring | 1 | 5 | 3 |