⭐ Repository → 💼 SOC 2 → 💼 CC6 Logical and Physical Access Controls → 💼 CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives.
💼 CC6.1-11 Protects Encryption Keys
- ID:
/frameworks/soc-2/cc6/01/11
Description
Processes are in place to protect encryption keys during generation, storage, use, and destruction.
Similar
- Internal
- ID:
dec-c-0e42ea42
- ID:
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (9)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS KMS Symmetric CMK Rotation is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Key Vault Soft Delete and Purge Protection functions are not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Non-RBAC Key Vault stores Keys without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Non-RBAC Key Vault stores Secrets without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure RBAC Key Vault stores Keys without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure RBAC Key Vault stores Secrets without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account With Critical Data is not encrypted with customer managed key🟢⚪ | 🟢 x2, ⚪ x1 | no data | |
| 🛡️ Google GCE Instance Block Project-Wide SSH Keys is not enabled🟢 | 1 | 🟢 x6 | no data |
Internal Rules
| Rule | Policies | Flags |
|---|---|---|
| ✉️ dec-x-0be4dfe5 | 1 | |
| ✉️ dec-x-0feec790 | 2 | |
| ✉️ dec-x-4d6fee7a | 1 | |
| ✉️ dec-x-5c3c2067 | 1 | |
| ✉️ dec-x-82ca4127 | 2 | |
| ✉️ dec-x-aef11ebd | 1 |