💼 3.5.3 Store secret and private keys used to encrypt/decrypt cardholder data in
one (or more) of the described forms at all times.
- ID:
/frameworks/pci-dss-v3.2.1/03/05/03
Description​
The forms includes:
- Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data-encrypting key
- Within a secure cryptographic device (such as a hardware (host) security module (HSM) or PTS-approved point-of-interaction device)
- As at least two full-length key components or key shares, in accordance with an industry-accepted method
It is not required that public keys be stored in one of these forms.
Similar​
- Sections
/frameworks/pci-dss-v4.0/03/06/01/02
- Internal
- ID:
dec-c-1253c7e3
- ID:
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PCI DSS v4.0 → 💼 3.6.1.2 Secret and private keys used to encrypt/decrypt stored account data are stored in one (or more) of the described forms at all times. | no data |
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PCI DSS v4.0 → 💼 3.6.1.2 Secret and private keys used to encrypt/decrypt stored account data are stored in one (or more) of the described forms at all times. | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|