
💼 3.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented.

  • Contextual name: 💼 3.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented.

  • ID: /frameworks/pci-dss-v4.0.1/03/07

  • Located in: 💼 3 Protect Stored Account Data

Description

Empty...

Similar

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data.
💼 3.7.2 Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data.
💼 3.7.3 Key-management policies and procedures are implemented to include secure storage of cryptographic keys used to protect stored account data.
💼 3.7.4 Key management policies and procedures are implemented for cryptographic key changes for keys that have reached the end of their cryptoperiod.
💼 3.7.5 Key management policies procedures are implemented to include the retirement, replacement, or destruction of keys used to protect stored account data.
💼 3.7.6 Where manual cleartext cryptographic key-management operations are performed by personnel, key-management policies and procedures are implemented include managing these operations using split knowledge and dual control.
💼 3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys.
💼 3.7.8 Key management policies and procedures are implemented to include that cryptographic key custodians formally acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities.
💼 3.7.9 Where a service provider shares cryptographic keys with its customers for transmission or storage of account data, guidance on secure transmission, storage and updating of such keys is documented and distributed to the service provider's customers.