💼 A.10.1.2 Key management

• ID: /frameworks/iso-iec-27001-2013/10/01/02

Description

A policy on the use, protection and lifetime of cryptographic keys shall be developed and implemented through their whole lifecycle

Similar

• Internal
  • ID: dec-c-df02197d

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (12)

Policy	Logic Count	Flags	Compliance
🛡️ AWS IAM User Access Keys are not rotated every 90 days or less🟢	1	🟢 x6	no data
🛡️ AWS IAM User has more than one active access key🟢	1	🟢 x6	no data
🛡️ AWS IAM User with console and programmatic access set during the initial creation🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS KMS Symmetric CMK Rotation is not enabled🟢	1	🟢 x6	no data
🛡️ Azure Key Vault Soft Delete and Purge Protection functions are not enabled🟢	1	🟢 x6	no data
🛡️ Azure Non-RBAC Key Vault stores Keys without expiration date🟢	1	🟢 x6	no data
🛡️ Azure Non-RBAC Key Vault stores Secrets without expiration date🟢	1	🟢 x6	no data
🛡️ Azure RBAC Key Vault stores Keys without expiration date🟢	1	🟢 x6	no data
🛡️ Azure RBAC Key Vault stores Secrets without expiration date🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key🟢	1	🟢 x6	no data
🛡️ Azure Storage Account With Critical Data is not encrypted with customer managed key🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Google Project with KMS keys has a principal with Owner role🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-0be4dfe5	1
✉️ dec-x-0feec790	2
✉️ dec-x-4d6fee7a	1
✉️ dec-x-82ca4127	2
✉️ dec-x-230b5e35	1
✉️ dec-x-30795016	1
✉️ dec-x-aef11ebd	1
✉️ dec-x-b10e98af	1
✉️ dec-x-bcb0c78f	1