3.6.1.2 Secret and private keys used to encrypt/decrypt stored account data are stored in one (or more) of the described forms at all times.
- Contextual name: 3.6.1.2 Secret and private keys used to encrypt/decrypt stored account data are stored in one (or more) of the described forms at all times.
- ID: /frameworks/pci-dss-v4.0/03/06/01/02
- Located in: 3.6.1 Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure and misuse.
Description
The following forms:
- Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data-encrypting key.
- Within a secure cryptographic device (SCD), such as a hardware security module (HSM) or PTS-approved point-of-interaction device.
- As at least two full-length key components or key shares, in accordance with an industry-accepted method.
Similar
- Sections
  - /frameworks/pci-dss-v3.2.1/03/05/03
  - /frameworks/pci-dss-v4.0.1/03/06/01/02
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
PCI DSS v3.2.1 → 3.5.3 Store secret and private keys used to encrypt/decrypt cardholder data in one (or more) of the described forms at all times. | | | | |
PCI DSS v4.0.1 → 3.6.1.2 Secret and private keys used to encrypt/decrypt stored account data are stored in one (or more) of the described forms at all times. | | | | |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
PCI DSS v3.2.1 → 3.5.3 Store secret and private keys used to encrypt/decrypt cardholder data in one (or more) of the described forms at all times. | | | | |
PCI DSS v4.0.1 → 3.6.1.2 Secret and private keys used to encrypt/decrypt stored account data are stored in one (or more) of the described forms at all times. | | | | |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|