
CCC.KeyMgmt.C03: Enforce Automatic Rotation

Control ID: CCC.KeyMgmt.C03
Title: Enforce Automatic Rotation
Objective: Ensure symmetric keys rotate automatically within policy intervals to reduce exposure of key material.
Control Family: Key Lifecycle Management

Related Threats

ID: CCC.KeyMgmt.TH03
Title: Key Rotation is Disabled or Delayed Beyond Policy Limits
Description: Modification of automatic or manual rotation settings can keep older key material active longer than intended, decreasing cryptographic resilience and extending exposure in the event of key compromise.
External Mappings: 1
Capability Mappings: 1
Control Mappings: 0

Related Capabilities

ID: CCC.KeyMgmt.F20
Title: Automatic Symmetric Key Rotation
Description: Supports the ability to automatically rotate a managed symmetric key as long as the key was generated within the KMS.

ID: CCC.KeyMgmt.F21
Title: Manual Key Rotation
Description: Supports the ability to manually rotate a managed key.

Guideline Mappings

Reference ID: NIST-CSF
Entry ID: PR.DS-1
Strength: 0
Remarks: Data at rest is protected

Reference ID: NIST_800_53
Entry ID: SC-12
Strength: 0
Remarks: Cryptographic Key Establishment and Management

Assessment Requirements

ID: CCC.KeyMgmt.C03.TR01
Description: When rotation settings are examined, rotation MUST be enabled with an interval not exceeding 365 days.
Applicability: tlp-green