Skip to main content

💼 3.6 Fully document and implement all keymanagement processes and procedures

for cryptographic keys used for encryption of cardholder data.

Contextual name: 💼 3.6 Fully document and implement all keymanagement processes and procedures for cryptographic keys used for encryption of cardholder data.
ID: /frameworks/pci-dss-v3.2.1/03/06
Located in: 💼 3 Protect stored cardholder data

Description

Numerous industry standards for key management are available from various resources including NIST, which can be found at http://csrc.nist.gov

Similar

Internal
- ID: dec-c-e88e866b

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 3.6.1 Generation of strong cryptographic keys.
💼 3.6.2 Secure cryptographic key distribution.
💼 3.6.3 Secure cryptographic key storage.
💼 3.6.4 Cryptographic key changes for keys that have reached the end of their cryptoperiod, as defined by the associated application vendor or key owner, and based on industry best practices and guidelines.
💼 3.6.5 Retirement or replacement of keys as deemed necessary when the integrity of the key has been weakened, or keys are suspected of being compromised.
💼 3.6.6 If manual clear-text cryptographic key-management operations are used, these operations must be managed using split knowledge and dual control.
💼 3.6.7 Prevention of unauthorized substitution of cryptographic keys.
💼 3.6.8 Requirement for cryptographic key custodians to formally acknowledge that they understand and accept their key-custodian responsibilities.

Description
Similar
Sub Sections