CCC.KeyMgmt.TH04: Introduction of Weak or Compromised Key Material During Import
Threat ID:CCC.KeyMgmt.TH04
Title:Introduction of Weak or Compromised Key Material During Import
Description:
Insufficient validation during the key-import process may allow weak, back-doored, or otherwise compromised key material to be introduced, reducing the overall strength of subsequent cryptographic operations.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.KeyMgmt.F22 | Key Import | Supports the ability to import externally generated keys into the KMS. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
MITRE-ATT&CK | T1600 | 0 | Weaken Encryption |
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.KeyMgmt.C04 | Validate Imported Keys | Accept only externally generated keys that meet approved cryptographic strength and provenance requirements. | Key Lifecycle Management | 1 | 2 | 1 |