💼 3.7.4 Key management policies and procedures are implemented for cryptographic key changes for keys that have reached the end of their cryptoperiod.

• Contextual name: 💼 3.7.4 Key management policies and procedures are implemented for cryptographic key changes for keys that have reached the end of their cryptoperiod.

• ID: /frameworks/pci-dss-v4.0/03/07/04

• Located in: 💼 3.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented.

Description

As defined by the associated application vendor or key owner, and based on industry best practices and guidelines.

Include the following:

• A defined cryptoperiod for each key type in use.
• A process for key changes at the end of the defined cryptoperiod.

Similar

• Sections
  • /frameworks/pci-dss-v3.2.1/03/06/04
  • /frameworks/pci-dss-v4.0.1/03/07/04
• Internal
  • ID: dec-c-ac2a78da

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 3.6.4 Cryptographic key changes for keys that have reached the end of their cryptoperiod, as defined by the associated application vendor or key owner, and based on industry best practices and guidelines.
💼 PCI DSS v4.0.1 → 💼 3.7.4 Key management policies and procedures are implemented for cryptographic key changes for keys that have reached the end of their cryptoperiod.

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 3.6.4 Cryptographic key changes for keys that have reached the end of their cryptoperiod, as defined by the associated application vendor or key owner, and based on industry best practices and guidelines.
💼 PCI DSS v4.0.1 → 💼 3.7.4 Key management policies and procedures are implemented for cryptographic key changes for keys that have reached the end of their cryptoperiod.

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags