CCC.C11: Enforce Key Management Policies
Control ID: CCC.C11
Title: Enforce Key Management Policies
Objective: Ensure that encryption keys are managed securely by enforcing
the use of approved algorithms, regular key rotation, and
customer-managed encryption keys (CMEKs).
Control Family: Encryption
NIST CSF: PR.DS-1
Control Mappings
Test Requirements
CCC.C11.TR01: When encryption keys are used, the service MUST verify that
all encryption keys use approved cryptographic algorithms as
per organizational standards.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
CCC.C11.TR02: When encryption keys are used, the service MUST verify that
encryption keys are rotated at a frequency compliant with
organizational policies.
TLP:
tlp_clear
tlp_green
tlp_amber
tlp_red
CCC.C11.TR03: When encrypting data, the service MUST verify that
customer-managed encryption keys (CMEKs) are used.
TLP:
tlp_amber
tlp_red
CCC.C11.TR04: When encryption keys are accessed, the service MUST verify that
access to encryption keys is restricted to authorized personnel
and services, following the principle of least privilege.
TLP:
tlp_amber
tlp_red