💼 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse.

• Contextual name: 💼 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse.

• ID: /frameworks/pci-dss-v4.0.1/03/06/01

• Located in: 💼 3.6 Cryptographic keys used to protect stored account data are secured.

Description

That include:

• Access to keys is restricted to the fewest number of custodians necessary.
• Key-encrypting keys are at least as strong as the data-encrypting keys they protect.
• Key-encrypting keys are stored separately from data-encrypting keys.
• Keys are stored securely in the fewest possible locations and forms.

Similar

• Sections
  • /frameworks/pci-dss-v4.0/03/06/01

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v4.0 → 💼 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse.	3

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v4.0 → 💼 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse.	3

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 3.6.1.1 A documented description of the cryptographic architecture is maintained.
💼 3.6.1.2 Secret and private keys used to encrypt/decrypt stored account data are stored in one (or more) of the described forms at all times.
💼 3.6.1.3 Access to cleartext cryptographic key components is restricted to the fewest number of custodians necessary.