CC6.1-11 Protects Encryption Keys
- Contextual name: CC6.1-11 Protects Encryption Keys
- ID: /frameworks/soc-2/cc6/01/11
- Located in: CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives.
Description
Processes are in place to protect encryption keys during generation, storage, use, and destruction.
Similar
- Internal
- ID: dec-c-0e42ea42
- ID:
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
Policies (8)
Policy | Logic Count | Flags |
---|---|---|
AWS KMS Symmetric CMK Rotation is not enabled | 1 | x6 |
Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key | 1 | x6 |
Azure Key Vault Soft Delete and Purge Protection functions are not enabled | 1 | x6 |
Azure Non-RBAC Key Vault stores Keys without expiration date | 1 | x6 |
Azure Non-RBAC Key Vault stores Secrets without expiration date | 1 | x6 |
Azure RBAC Key Vault stores Keys without expiration date | 1 | x6 |
Azure RBAC Key Vault stores Secrets without expiration date | 1 | x6 |
Azure Storage Account With Critical Data is not encrypted with customer managed key | | x3 |
Internal Rules
Rule | Policies | Flags |
---|---|---|
dec-x-0be4dfe5 | 1 | |
dec-x-0feec790 | 2 | |
dec-x-4d6fee7a | 1 | |
dec-x-5c3c2067 | 1 | |
dec-x-82ca4127 | 2 | |
dec-x-aef11ebd | 1 | |