Validate Imported Keys | CCC

Skip to main content

CCC.KeyMgmt.CN04: Validate Imported Keys

Control ID:CCC.KeyMgmt.CN04

Title:Validate Imported Keys

Objective:Accept only externally generated keys that meet approved cryptographic strength and provenance requirements.

Control Family:

Key Lifecycle Management

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.KeyMgmt.TH04	Introduction of Weak or Compromised Key Material During Import	Insufficient validation during the key-import process may allow weak, back-doored, or otherwise compromised key material to be introduced, reducing the overall strength of subsequent cryptographic operations.	1	1	0

Related Capabilities

ID	Title	Description
CCC.KeyMgmt.CP22	Key Import	Supports the ability to import externally generated keys into the KMS.

Guideline Mappings

Reference ID	Entry ID	Strength	Remarks
NIST-CSF	PR.DS-1	0	Data at rest is protected
NIST_800_53	SC-28	0	Protection of Information at Rest

Assessment Requirements

ID	Description	Applicability
CCC.KeyMgmt.CN04.AR01	When a key import request is processed, the key MUST use an approved algorithm (RSA-2048+, EC-P256+) and originate from a certified HSM.	tlp-green