💼 3.5 Document and implement procedures to protect keys used to secure stored cardholder data against disclosure and misuse.

• Contextual name: 💼 3.5 Document and implement procedures to protect keys used to secure stored cardholder data against disclosure and misuse.

• ID: /frameworks/pci-dss-v3.2.1/03/05

• Located in: 💼 3 Protect stored cardholder data

Description

This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys—such key-encrypting keys must be at least as strong as the data-encrypting key.

Similar

• Sections
  • /frameworks/pci-dss-v4.0/03/06/01
• Internal
  • ID: dec-c-04657187

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v4.0 → 💼 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse.	3

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v4.0 → 💼 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse.	3

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 3.5.1 Maintain a documented description of the cryptographic architecture
💼 3.5.2 Restrict access to cryptographic keys to the fewest number of custodians necessary.
💼 3.5.3 Store secret and private keys used to encrypt/decrypt cardholder data in one (or more) of the described forms at all times.
💼 3.5.4 Store cryptographic keys in the fewest possible locations.