
CCC.C11: Enforce Key Management Policies

Control ID: CCC.C11
Title: Enforce Key Management Policies
Objective: Ensure that encryption keys are managed securely by enforcing the use of approved algorithms, regular key rotation, and customer-managed encryption keys (CMEKs).
Control Family: Encryption
NIST CSF: PR.DS-1

Control Mappings

ISO_27001:
NIST_800_53:

Test Requirements

CCC.C11.TR01: When encryption keys are used, the service MUST verify that all encryption keys use approved cryptographic algorithms as per organizational standards.
TLP: tlp_clear, tlp_green, tlp_amber, tlp_red

CCC.C11.TR02: When encryption keys are used, the service MUST verify that encryption keys are rotated at a frequency compliant with organizational policies.
TLP: tlp_clear, tlp_green, tlp_amber, tlp_red

CCC.C11.TR03: When encrypting data, the service MUST verify that customer-managed encryption keys (CMEKs) are used.
TLP: tlp_amber, tlp_red

CCC.C11.TR04: When encryption keys are accessed, the service MUST verify that access to encryption keys is restricted to authorized personnel and services, following the principle of least privilege.
TLP: tlp_amber, tlp_red