Requirement 3.1.1 is about effectively managing and maintaining the various policies and procedures specified throughout Requirement 3. While it is important to define the specific policies or procedures called out in Requirement 3, it is equally important to ensure they are properly documented, maintained, and disseminated.
It is important to update policies and procedures as needed to address changes in processes, technologies, and business objectives. For these reasons, consider updating these documents as soon as possible after a change occurs and not only on a periodic cycle.
Security policies define the entity's security objectives and principles. Operational procedures describe how to perform activities, and define the controls, methods, and processes that are followed to achieve the desired result in a consistent manner and in accordance with policy objectives.
If roles and responsibilities are not formally assigned, personnel may not be aware of their day-to-day responsibilities and critical activities may not occur.
Roles and responsibilities may be documented within policies and procedures or maintained within separate documents. As part of communicating roles and responsibilities, entities can consider having personnel acknowledge their acceptance and understanding of their assigned roles and responsibilities.
A method to document roles and responsibilities is a responsibility assignment matrix that includes who is responsible, accountable, consulted, and informed (also called a RACI matrix).
Storing account data beyond what is needed for business purposes creates unnecessary risk. The longer data is retained, the greater the potential exposure in the event of a data breach. Implementing data retention and disposal policies helps minimize the amount of data at risk.
Data retention policies should clearly define what data is stored, where it is stored, how long it is retained, and how it is securely disposed of when no longer needed. Automated processes should be used where possible to identify and securely delete stored account data that exceeds the defined retention period.
A data retention and disposal policy defines the business requirements for retaining data, the specific data elements to be retained, and the timeframes and methods for secure disposal of data that is no longer needed.
Sensitive authentication data (SAD) is valuable to attackers because it can be used to generate counterfeit payment cards and create fraudulent transactions. If SAD is stored after authorization, it provides attackers with more data to steal. Ensuring SAD is not retained after authorization reduces the risk of fraud.
Processes should be in place to securely delete SAD immediately after the authorization process is complete. Automated tools can help ensure that SAD is not inadvertently retained in logs, temporary files, or other storage locations.
Sensitive authentication data includes full track data, card verification codes/values (CAV2/CVC2/CVV2/CID), and PINs/PIN blocks. Authorization is the process by which a card issuer approves or declines a transaction.
Full track data from the magnetic stripe or chip contains all the information needed to create a counterfeit card. If this data is stored after authorization, it could be used by attackers to commit fraud.
Systems should be configured to not store full track data after authorization. Regular scans should be performed to verify that full track data is not being stored anywhere in the environment.
The card verification code (CAV2/CVC2/CVV2/CID) is used to verify that the person making a card-not-present transaction has physical possession of the card. If this value is stored after authorization, it could be used to make fraudulent transactions without the physical card.
Systems should be configured to not store card verification codes after authorization. Regular verification should confirm that these values are not retained in any storage location.
PINs and PIN blocks are used to authenticate cardholders during transactions. If this data is stored after authorization, it could be used to commit unauthorized transactions at ATMs or point-of-sale terminals.
Systems should be configured to never store PINs or PIN blocks after authorization, even in encrypted form. Regular checks should verify that this data is not being retained.
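The regular scans called for above need something concrete to look for. As an added example (not part of this guidance text), the Python script below scans log lines for the three SAD elements the text names, full track data (track 1 and track 2 layouts), labelled card verification codes and PIN blocks, and also for bare Luhn-valid PANs. The log lines, field names and report format are constructed for the example; the card numbers are widely published test numbers, not real accounts.

```python
import re


def luhn_valid(digits: str) -> bool:
    """True when the digit string passes the Luhn check; filters out timestamps, order ids, etc."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Report only BIN (first six) and last four: the scan report must not become a new PAN store."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(r"%?B(\d{13,19})\^[^^]{2,26}\^\d{4}[^?\s]*\??")
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2_RE = re.compile(r";?(?<!\d)(\d{13,19})=\d{4}\d*\??")
# Labelled card verification code / PIN block fields (field names are constructed guesses).
CVV_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid|cav2|card_code)\W{0,3}\d{3,4}\b", re.IGNORECASE)
PINBLOCK_RE = re.compile(r"\bpin_?block\W{0,3}[0-9A-Fa-f]{16}\b", re.IGNORECASE)
# Bare PAN candidate: a 13-19 digit run, confirmed by Luhn, outside any track-data match.
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def scan_line(line: str) -> list:
    """Return (kind, reference) findings for one log line; references never hold SAD or a full PAN."""
    findings, covered = [], []
    for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(line):
            if luhn_valid(m.group(1)):
                findings.append((kind, mask(m.group(1))))
                covered.append(m.span())
    for kind, rx in (("cvv", CVV_RE), ("pin_block", PINBLOCK_RE)):
        if rx.search(line):
            # The value itself is SAD, so only the fact that it is present is reported.
            findings.append((kind, "<redacted>"))
    for m in PAN_RE.finditer(line):
        inside_track = any(s <= m.start() < e for s, e in covered)
        if not inside_track and luhn_valid(m.group(0)):
            findings.append(("pan", mask(m.group(0))))
    return findings


def scan_log(lines) -> list:
    """Scan every line and return one report entry per finding."""
    return [{"line": n, "kind": k, "ref": r}
            for n, line in enumerate(lines, start=1)
            for k, r in scan_line(line)]


# Constructed sample log; 4111... and 5555... are public test card numbers.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z INFO auth ok order=1001 pan=411111******1111 amount=12.50",
    "2024-05-01T10:00:01Z DEBUG raw swipe: ;4111111111111111=25121010000012345678?",
    "2024-05-01T10:00:02Z DEBUG raw swipe: %B5555555555554444^DOE/JANE^2512101000000000?",
    "2024-05-01T10:00:03Z DEBUG form body: card=4111111111111111&cvv2=123&exp=1225",
    "2024-05-01T10:00:04Z DEBUG atm req pin_block=1A2B3C4D5E6F7081 term=ATM-7",
    "2024-05-01T10:00:05Z INFO settlement batch=42 ok",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The first line is what a correctly masked log entry looks like and produces no finding; lines two to five show SAD and full PAN leaking through debug logging, which is exactly the kind of inadvertent retention the text warns about. Run it against real log exports only from a host that is itself in scope for the same controls, since the input it reads is SAD.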
SAD stored prior to completion of authorization could be accessed by unauthorized individuals if the system is compromised. Encrypting SAD during the authorization process provides an additional layer of protection while the data is temporarily needed.
Strong cryptographic mechanisms should be used to protect SAD stored prior to authorization completion. The cryptographic keys used should be managed in accordance with Requirements 3.6 and 3.7.
Issuers and companies that support issuing services may have a legitimate business need to store SAD. However, additional protections are necessary when SAD is stored, even by issuers, to prevent unauthorized use.
Entities that store SAD for issuing purposes should ensure that the data is encrypted using strong cryptography and that access is strictly limited to personnel with a documented business need.
Displaying the full PAN increases the risk that the number will be seen by unauthorized individuals and used for fraudulent purposes. Masking the PAN when displayed limits exposure of the full number to only those personnel who have a legitimate business need to see it.
The default display of PAN should show only the BIN (first six digits) and last four digits at most. Any display of more than these digits should require explicit authorization and should be logged. Role-based access controls should determine which personnel can view the full PAN.
PAN masking refers to the practice of hiding a portion of the PAN when displayed, typically showing only the first six and/or last four digits. This is different from truncation, which permanently removes digits from stored data.
When PAN is accessible via remote-access technologies, there is a risk that the PAN could be copied, stored, or transmitted insecurely on the remote device or through the remote connection. Preventing the ability to copy or relocate PAN when using remote access helps reduce this risk.
Technical controls should prevent PAN from being copied, moved, or stored on local hard drives or removable media when accessed remotely. Technologies such as disabling clipboard functionality, preventing screen captures, and restricting file downloads can help protect PAN during remote access sessions.
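The masking rule, the role check and the logging requirement in the paragraphs above fit in a few functions. The following Python is an added example, not code from this guidance: it masks to BIN plus last four by default, releases the full PAN only to roles on an allow-list, writes an audit entry for every full view, and keeps a separate truncation function to show that truncation changes what is stored while masking only changes what is displayed. The role names, user names and audit record layout are constructed for the example.

```python
from datetime import datetime, timezone

# Roles with a documented business need to see the full PAN (constructed example values).
FULL_PAN_ROLES = {"fraud_analyst", "chargeback_agent"}


def validate_pan(pan: str) -> str:
    """Strip common separators and reject anything that is not 13 to 19 digits."""
    digits = pan.replace(" ", "").replace("-", "")
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("PAN must be 13 to 19 digits")
    return digits


def mask_pan(pan: str) -> str:
    """Display form: BIN (first six) and last four visible, every other digit replaced."""
    digits = validate_pan(pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def truncate_pan(pan: str) -> str:
    """Storage form: digits are permanently removed (here all but the last four),
    so the full PAN can never be rebuilt from what is kept."""
    return validate_pan(pan)[-4:]


def display_pan(pan: str, user: str, role: str, audit: list) -> str:
    """Masked by default; the full PAN only for an authorized role, and each full view is logged."""
    if role in FULL_PAN_ROLES:
        audit.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "role": role,
            "event": "full_pan_view",
            # The audit log refers to the card by its masked form so the log is not a PAN store.
            "pan_ref": mask_pan(pan),
        })
        return validate_pan(pan)
    return mask_pan(pan)


if __name__ == "__main__":
    audit_log = []
    print(display_pan("4111 1111 1111 1111", "alice", "support_agent", audit_log))
    print(display_pan("4111 1111 1111 1111", "bob", "fraud_analyst", audit_log))
    print(audit_log)
```

The design choice worth noting is that the audit record carries the masked value, not the full PAN: a log that records which card was viewed in full would otherwise itself become a place where PAN is stored unprotected.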
Rendering PAN unreadable wherever it is stored protects it from being used by unauthorized individuals who may gain access to stored data. Using strong cryptographic methods ensures that even if the storage media is compromised, the PAN cannot be easily recovered.
The approach used to render PAN unreadable should be appropriate for the storage environment and the data lifecycle. Organizations should select an approach based on their specific risk profile and operational requirements.
Approaches for rendering PAN unreadable include one-way hashes based on strong cryptography, truncation, index tokens and pads, and strong cryptography with associated key-management processes and procedures.
Hashing PAN using strong cryptography provides a one-way transformation that prevents the original PAN from being recovered. However, if the hash can be correlated with the original PAN through lookup tables or other means, the protection is undermined.
Keyed cryptographic hashes (such as HMAC) should be used rather than simple hashes. The cryptographic keys used for hashing should be managed in accordance with Requirements 3.6 and 3.7. If truncated versions of the same PAN are stored alongside hashed versions, additional controls should prevent correlation.
If disk-level or partition-level encryption is used to render PAN unreadable, additional controls are needed because the data is automatically decrypted when the system is running, making it accessible to anyone with logical access to the system.
Disk-level encryption should only be used on removable electronic media. For non-removable media, use a different approach to render PAN unreadable. If disk-level encryption must be used, logical access must be managed independently and separately from native operating system access control mechanisms.
If index tokens are used to replace PAN, the original PAN and the tokens must be stored in separate, secure locations. If an attacker gains access to both the tokens and the mapping to the original PANs, the protection is defeated.
The mapping between index tokens and original PANs should be stored in a secure environment with strong access controls. The process for generating tokens should be cryptographically secure to prevent an attacker from predicting or reverse-engineering the tokens.
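As an added example covering the keyed-hash and index-token passages above (not code from this guidance), the Python below shows an application database that holds a keyed hash (HMAC-SHA256) for lookups plus a random index token, while the token-to-PAN mapping lives in a separate vault object with its own access check. The key handling, vault API and role names are constructed for the example; in production the key comes from the key-management process of Requirements 3.6 and 3.7, never from source code, and the vault would be a separately secured system rather than an in-memory object.

```python
import hashlib
import hmac
import secrets


def plain_hash_pan(pan: str) -> str:
    """Unkeyed hash: anyone able to guess the PAN can recompute this and match it against a table."""
    return hashlib.sha256(pan.encode()).hexdigest()


def keyed_hash_pan(pan: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256): without the key a guessed PAN cannot be turned into the digest."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def hashes_match(stored: str, candidate: str) -> bool:
    """Constant-time comparison for lookups, so timing does not leak how many digits matched."""
    return hmac.compare_digest(stored, candidate)


class TokenVault:
    """Index-token store: the token-to-PAN mapping lives here, apart from the application database.
    Constructed for the example; a real vault is a separately secured system."""

    DETOKENIZE_ROLES = {"settlement"}  # constructed allow-list

    def __init__(self):
        self._map = {}

    def tokenize(self, pan: str) -> str:
        # CSPRNG token: nothing about the PAN goes into it, so it cannot be predicted or reversed.
        token = "tok_" + secrets.token_hex(16)
        self._map[token] = pan
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        if caller_role not in self.DETOKENIZE_ROLES:
            raise PermissionError("role not permitted to recover PAN")
        return self._map[token]


def store_card(app_db: dict, vault: TokenVault, customer: str, pan: str, key: bytes) -> None:
    """Application side keeps a token, a keyed hash and a truncated form; never the PAN itself.
    Keeping the last four beside the hash is acceptable only because the hash is keyed; next to
    an unkeyed hash the truncated digits would shrink the space an attacker has to guess."""
    app_db[customer] = {
        "token": vault.tokenize(pan),
        "pan_hmac": keyed_hash_pan(pan, key),
        "last4": pan[-4:],
    }


def find_customer(app_db: dict, pan: str, key: bytes):
    """Look up a customer by PAN without storing PAN: hash the query and compare digests."""
    wanted = keyed_hash_pan(pan, key)
    for customer, row in app_db.items():
        if hashes_match(row["pan_hmac"], wanted):
            return customer
    return None


if __name__ == "__main__":
    demo_key = secrets.token_bytes(32)  # constructed; a real key comes from key management
    vault, db = TokenVault(), {}
    store_card(db, vault, "cust-1", "4111111111111111", demo_key)
    print(db)
    print(find_customer(db, "4111111111111111", demo_key))
```

Two properties are worth checking against the text: the same PAN under two different keys yields unrelated digests, so a hash table leaked from one environment cannot be correlated with another, and the application database contains no PAN at all, so a compromise of it alone does not defeat the protection; only the vault and the key together do.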
Rendering PAN unreadable wherever it is stored protects it from being used by unauthorized individuals who may gain access to stored data. Using strong cryptographic methods ensures that even if the storage media is compromised, the PAN cannot be easily recovered.
The approach used to render PAN unreadable should be appropriate for the storage environment and the data lifecycle. Organizations should select an approach based on their specific risk profile and operational requirements.
Approaches for rendering PAN unreadable include one-way hashes based on strong cryptography, truncation, index tokens and pads, and strong cryptography with associated key-management processes and procedures.
Hashing PAN using strong cryptography provides a one-way transformation that prevents the original PAN from being recovered. However, if the hash can be correlated with the original PAN through lookup tables or other means, the protection is undermined.
Keyed cryptographic hashes (such as HMAC) should be used rather than simple hashes. The cryptographic keys used for hashing should be managed in accordance with Requirements 3.6 and 3.7. If truncated versions of the same PAN are stored alongside hashed versions, additional controls should prevent correlation.
If disk-level or partition-level encryption is used to render PAN unreadable, additional controls are needed because the data is automatically decrypted when the system is running, making it accessible to anyone with logical access to the system.
Disk-level encryption should only be used on removable electronic media. For non-removable media, use a different approach to render PAN unreadable. If disk-level encryption must be used, logical access must be managed independently and separately from native operating system access control mechanisms.
If index tokens are used to replace PAN, the original PAN and the tokens must be stored in separate, secure locations. If an attacker gains access to both the tokens and the mapping to the original PANs, the protection is defeated.
The mapping between index tokens and original PANs should be stored in a secure environment with strong access controls. The process for generating tokens should be cryptographically secure to prevent an attacker from predicting or reverse-engineering the tokens.
Rendering PAN unreadable wherever it is stored protects it from being used by unauthorized individuals who may gain access to stored data. Using strong cryptographic methods ensures that even if the storage media is compromised, the PAN cannot be easily recovered.
The approach used to render PAN unreadable should be appropriate for the storage environment and the data lifecycle. Organizations should select an approach based on their specific risk profile and operational requirements.
Approaches for rendering PAN unreadable include one-way hashes based on strong cryptography, truncation, index tokens and pads, and strong cryptography with associated key-management processes and procedures.
Hashing PAN using strong cryptography provides a one-way transformation that prevents the original PAN from being recovered. However, if the hash can be correlated with the original PAN through lookup tables or other means, the protection is undermined.
Keyed cryptographic hashes (such as HMAC) should be used rather than simple hashes. The cryptographic keys used for hashing should be managed in accordance with Requirements 3.6 and 3.7. If truncated versions of the same PAN are stored alongside hashed versions, additional controls should prevent correlation.
If disk-level or partition-level encryption is used to render PAN unreadable, additional controls are needed because the data is automatically decrypted when the system is running, making it accessible to anyone with logical access to the system.
Disk-level encryption should only be used on removable electronic media. For non-removable media, use a different approach to render PAN unreadable. If disk-level encryption must be used, logical access must be managed independently and separately from native operating system access control mechanisms.
If index tokens are used to replace PAN, the original PAN and the tokens must be stored in separate, secure locations. If an attacker gains access to both the tokens and the mapping to the original PANs, the protection is defeated.
The mapping between index tokens and original PANs should be stored in a secure environment with strong access controls. The process for generating tokens should be cryptographically secure to prevent an attacker from predicting or reverse-engineering the tokens.
Rendering PAN unreadable wherever it is stored protects it from being used by unauthorized individuals who may gain access to stored data. Using strong cryptographic methods ensures that even if the storage media is compromised, the PAN cannot be easily recovered.
The approach used to render PAN unreadable should be appropriate for the storage environment and the data lifecycle. Organizations should select an approach based on their specific risk profile and operational requirements.
Approaches for rendering PAN unreadable include one-way hashes based on strong cryptography, truncation, index tokens and pads, and strong cryptography with associated key-management processes and procedures.
Hashing PAN using strong cryptography provides a one-way transformation that prevents the original PAN from being recovered. However, if the hash can be correlated with the original PAN through lookup tables or other means, the protection is undermined.
Keyed cryptographic hashes (such as HMAC) should be used rather than simple hashes. The cryptographic keys used for hashing should be managed in accordance with Requirements 3.6 and 3.7. If truncated versions of the same PAN are stored alongside hashed versions, additional controls should prevent correlation.
If disk-level or partition-level encryption is used to render PAN unreadable, additional controls are needed because the data is automatically decrypted when the system is running, making it accessible to anyone with logical access to the system.
Cryptographic key management is essential for the ongoing security of encryption. If keys are not properly managed, the encryption protecting stored account data can be undermined, potentially exposing cardholder data.
Key management procedures should be documented and followed consistently. Procedures should address all aspects of key lifecycle management, including generation, distribution, storage, changes, retirement, and destruction.
Restricting access to cryptographic keys to the fewest number of custodians necessary reduces the risk of unauthorized access to or misuse of the keys. If too many people have access to cryptographic keys, the risk of compromise increases.
Access to cryptographic keys should be limited to only those personnel whose job function requires it. A formal process should be in place for granting and revoking access to cryptographic keys.
If cryptographic keys are not stored securely, they could be accessed by unauthorized individuals and used to decrypt protected data. Secure key storage helps maintain the confidentiality of encrypted data.
Cryptographic keys should be stored in a secure manner that limits access to authorized custodians only. Key-encrypting keys should be at least as strong as the data-encrypting keys they protect. Key-encrypting keys should be stored separately from data-encrypting keys.
Storing cryptographic keys in the fewest possible locations reduces the risk of unauthorized access and simplifies key management. The more locations where keys are stored, the greater the risk of compromise.
Keys should be stored in as few locations as possible, with each location having appropriate security controls. An inventory of key storage locations should be maintained and reviewed periodically.
Cryptographic keys have a limited effective lifetime. Using keys beyond their defined crypto period increases the risk that the encryption can be compromised. Regular key rotation helps maintain the strength of the encryption.
Crypto periods should be defined based on industry best practices and the sensitivity of the data being protected. When a key reaches the end of its crypto period, it should be retired and replaced with a new key. Data encrypted with the old key should be re-encrypted with the new key where feasible.
A crypto period is the time span during which a specific cryptographic key is authorized for use. Crypto periods are defined based on factors such as key strength, the volume of data encrypted, and the sensitivity of the data.
The strength of the encryption depends on the strength of the cryptographic keys. If keys are not generated using strong methods, the encryption they provide may be weak and vulnerable to attack.
Key generation should use industry-accepted algorithms and random number generators. The key generation process should be documented and auditable.
Strong cryptographic key generation uses algorithms and key lengths that are recognized as being resistant to current and anticipated future attacks, as defined by industry standards such as NIST SP 800-57.
If cryptographic keys are not distributed securely, they could be intercepted and used by unauthorized individuals to decrypt protected data. Secure distribution methods help ensure that only authorized parties receive the keys.
Keys should be distributed using secure methods such as key-wrapping with a key-encrypting key, loading keys directly into secure cryptographic devices, or using secure key exchange protocols. Keys should never be distributed in cleartext.
If cryptographic keys are not stored securely, they could be accessed by unauthorized individuals and used to decrypt protected data. Secure storage methods help maintain the confidentiality of encrypted account data.
Keys should be stored in a secure form, such as encrypted with a key-encrypting key. If stored on disk, they should be protected with strong access controls. Hardware security modules (HSMs) provide a high level of security for key storage.
Cryptographic keys have a limited effective lifetime. Using keys beyond their crypto period increases the risk that the encryption can be compromised. Regular key changes help maintain encryption strength.
Key changes should occur at the end of the defined crypto period and whenever the integrity of the key has been weakened, such as after the departure of an employee with knowledge of the key or when compromise is suspected.
When cryptographic keys reach the end of their crypto period or are suspected of being compromised, they should be retired and no longer used for encryption. Proper retirement practices prevent old keys from being misused.
Retired keys should be securely archived if needed for decryption of previously encrypted data, or securely destroyed if no longer needed. Retired keys should not be used for new encryption operations.
Split knowledge and dual control of cryptographic keys ensure that no single person has access to the complete key, reducing the risk of insider threats and key compromise.
Key management procedures should define how keys are split among multiple custodians and require the involvement of at least two custodians for key operations.
Split knowledge is a method in which two or more people separately have key components, where each person knows only their own key component, and the individual key components convey no knowledge of the original key. Dual control requires two or more people to perform an operation, with no single person having access to or knowledge of the authentication material of another.
Unauthorized substitution of cryptographic keys could allow an attacker to decrypt data or to encrypt data with a key they control. Preventing unauthorized key substitution helps maintain the integrity of the encryption system.
Controls should be in place to detect and prevent unauthorized key substitution attempts. Key management procedures should include verification steps to confirm the authenticity of keys before they are used.
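As an added example that is not part of the original guidance, the following code models the key hierarchy described in the key-management paragraphs above (key-encrypting keys, crypto periods, retirement, secure storage and re-encryption) and the key-substitution point just made: a key-encrypting key wraps each data-encrypting key with AES-GCM, every DEK carries a crypto period, Rotate retires the old DEK to decrypt-only use, and a substituted or altered wrapped key fails authentication when unwrapped. The key identifiers and the 32-byte key sizes are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"time"
)

// Constructed illustration, not PCI DSS text or any vendor's product: a
// key-encrypting key (KEK) wraps data-encrypting keys (DEKs), each DEK has a
// crypto period, and rotating retires the old DEK to decrypt-only use.

// DEK as stored: only the AES-GCM wrapped form leaves memory, and the GCM tag
// also detects substitution or alteration of the stored key material.
type DEK struct {
	Wrapped      []byte // nonce || AES-GCM(KEK, raw DEK)
	Created      time.Time
	CryptoPeriod time.Duration
}

// KeyStore keeps the KEK in memory only and every DEK wrapped. Only the key
// named by active may encrypt; all others are retired and may only decrypt.
type KeyStore struct {
	kek    []byte
	keys   map[string]*DEK
	active string
}

func NewKeyStore(kek []byte) *KeyStore {
	return &KeyStore{kek: kek, keys: map[string]*DEK{}}
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length reaches here
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return g
}

func seal(key, plain []byte) []byte {
	g := gcm(key)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // a failing CSPRNG must stop the process, not weaken keys
	}
	return g.Seal(nonce, nonce, plain, nil)
}

func open(key, sealed []byte) ([]byte, error) {
	g := gcm(key)
	if n := g.NonceSize(); len(sealed) >= n {
		return g.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, fmt.Errorf("ciphertext too short")
}

// Rotate creates a fresh AES-256 DEK under the KEK and makes it the active key; the previous key is retired.
func (s *KeyStore) Rotate(period time.Duration) string {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	s.active = fmt.Sprintf("dek-%d", len(s.keys)+1)
	s.keys[s.active] = &DEK{Wrapped: seal(s.kek, raw), Created: time.Now(), CryptoPeriod: period}
	return s.active
}

// Encrypt uses only the active key and refuses it once its crypto period ends;
// the returned key id is stored with the data so rotation can find stale records.
func (s *KeyStore) Encrypt(plain []byte) (string, []byte, error) {
	d, ok := s.keys[s.active]
	if !ok {
		return "", nil, fmt.Errorf("no active DEK, rotate first")
	}
	if time.Now().After(d.Created.Add(d.CryptoPeriod)) {
		return "", nil, fmt.Errorf("%s: crypto period expired, rotate first", s.active)
	}
	raw, err := open(s.kek, d.Wrapped)
	if err != nil {
		return "", nil, err
	}
	return s.active, seal(raw, plain), nil
}

// Decrypt works for active and retired keys; a substituted or altered wrapped DEK fails GCM authentication.
func (s *KeyStore) Decrypt(keyID string, data []byte) ([]byte, error) {
	d, ok := s.keys[keyID]
	if !ok {
		return nil, fmt.Errorf("%s: unknown key id", keyID)
	}
	raw, err := open(s.kek, d.Wrapped)
	if err != nil {
		return nil, fmt.Errorf("%s: wrapped key failed authentication: %w", keyID, err)
	}
	return open(raw, data)
}
```

Re-encryption of data held under a retired key is Decrypt with the old key id followed by Encrypt under the current active key.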
Key custodians play a critical role in protecting cryptographic keys. If custodians do not understand their responsibilities, keys may not be adequately protected.
Key custodians should formally acknowledge that they understand and accept their key-custodian responsibilities. This acknowledgement should be documented and retained.
As cryptographic technologies and computing power evolve, previously strong encryption algorithms and key lengths may become vulnerable. Ensuring that cryptographic implementations remain current helps maintain the protection of stored account data.
Organizations should monitor industry guidance on cryptographic strength and update their implementations as needed. When cryptographic algorithms or key lengths are no longer considered strong, data should be re-encrypted using current strong cryptographic methods.
The strength of the encryption depends on the strength of the cryptographic keys. If keys are not generated using strong methods, the encryption they provide may be weak and vulnerable to attack.
Key generation should use industry-accepted algorithms and random number generators. The key generation process should be documented and auditable.
Strong cryptographic key generation uses algorithms and key lengths that are recognized as being resistant to current and anticipated future attacks, as defined by industry standards such as NIST SP 800-57.
If cryptographic keys are not distributed securely, they could be intercepted and used by unauthorized individuals to decrypt protected data. Secure distribution methods help ensure that only authorized parties receive the keys.
Keys should be distributed using secure methods such as key-wrapping with a key-encrypting key, loading keys directly into secure cryptographic devices, or using secure key exchange protocols. Keys should never be distributed in cleartext.
If cryptographic keys are not stored securely, they could be accessed by unauthorized individuals and used to decrypt protected data. Secure storage methods help maintain the confidentiality of encrypted account data.
Keys should be stored in a secure form, such as encrypted with a key-encrypting key. If stored on disk, they should be protected with strong access controls. Hardware security modules (HSMs) provide a high level of security for key storage.
Cryptographic keys have a limited effective lifetime. Using keys beyond their crypto period increases the risk that the encryption can be compromised. Regular key changes help maintain encryption strength.
Key changes should occur at the end of the defined crypto period and when the integrity of the key has been weakened, such as after departure of an employee with knowledge of the key or when compromise is suspected.
When cryptographic keys reach the end of their crypto period or are suspected of being compromised, they should be retired and no longer used for encryption. Proper retirement practices prevent old keys from being misused.
Retired keys should be securely archived if needed for decryption of previously encrypted data, or securely destroyed if no longer needed. Retired keys should not be used for new encryption operations.
Split knowledge and dual control of cryptographic keys ensures that no single person has access to the complete key, reducing the risk of insider threats and key compromise.
Key management procedures should define how keys are split among multiple custodians and require the involvement of at least two custodians for key operations.
Split knowledge is a method in which two or more people separately have key components, where each person knows only their own key component, and the individual key components convey no knowledge of the original key. Dual control requires two or more people to perform an operation, with no single person having access to or knowledge of the authentication material of another.
Unauthorized substitution of cryptographic keys could allow an attacker to decrypt data or to encrypt data with a key they control. Preventing unauthorized key substitution helps maintain the integrity of the encryption system.
Controls should be in place to detect and prevent unauthorized key substitution attempts. Key management procedures should include verification steps to confirm the authenticity of keys before they are used.
Key custodians play a critical role in protecting cryptographic keys. If custodians do not understand their responsibilities, keys may not be adequately protected.
Key custodians should formally acknowledge that they understand and accept their key-custodian responsibilities. This acknowledgement should be documented and retained.
As cryptographic technologies and computing power evolve, previously strong encryption algorithms and key lengths may become vulnerable. Ensuring that cryptographic implementations remain current helps maintain the protection of stored account data.
Organizations should monitor industry guidance on cryptographic strength and update their implementations as needed. When cryptographic algorithms or key lengths are no longer considered strong, data should be re-encrypted using current strong cryptographic methods.
The strength of the encryption depends on the strength of the cryptographic keys. If keys are not generated using strong methods, the encryption they provide may be weak and vulnerable to attack.
Key generation should use industry-accepted algorithms and random number generators. The key generation process should be documented and auditable.
Strong cryptographic key generation uses algorithms and key lengths that are recognized as being resistant to current and anticipated future attacks, as defined by industry standards such as NIST SP 800-57.
If cryptographic keys are not distributed securely, they could be intercepted and used by unauthorized individuals to decrypt protected data. Secure distribution methods help ensure that only authorized parties receive the keys.
Keys should be distributed using secure methods such as key-wrapping with a key-encrypting key, loading keys directly into secure cryptographic devices, or using secure key exchange protocols. Keys should never be distributed in cleartext.
If cryptographic keys are not stored securely, they could be accessed by unauthorized individuals and used to decrypt protected data. Secure storage methods help maintain the confidentiality of encrypted account data.
Keys should be stored in a secure form, such as encrypted with a key-encrypting key. If stored on disk, they should be protected with strong access controls. Hardware security modules (HSMs) provide a high level of security for key storage.
Cryptographic keys have a limited effective lifetime. Using keys beyond their crypto period increases the risk that the encryption can be compromised. Regular key changes help maintain encryption strength.
Key changes should occur at the end of the defined crypto period and when the integrity of the key has been weakened, such as after departure of an employee with knowledge of the key or when compromise is suspected.
When cryptographic keys reach the end of their crypto period or are suspected of being compromised, they should be retired and no longer used for encryption. Proper retirement practices prevent old keys from being misused.
Retired keys should be securely archived if needed for decryption of previously encrypted data, or securely destroyed if no longer needed. Retired keys should not be used for new encryption operations.
Split knowledge and dual control of cryptographic keys ensures that no single person has access to the complete key, reducing the risk of insider threats and key compromise.
Key management procedures should define how keys are split among multiple custodians and require the involvement of at least two custodians for key operations.
Split knowledge is a method in which two or more people separately have key components, where each person knows only their own key component, and the individual key components convey no knowledge of the original key. Dual control requires two or more people to perform an operation, with no single person having access to or knowledge of the authentication material of another.
Unauthorized substitution of cryptographic keys could allow an attacker to decrypt data or to encrypt data with a key they control. Preventing unauthorized key substitution helps maintain the integrity of the encryption system.
Controls should be in place to detect and prevent unauthorized key substitution attempts. Key management procedures should include verification steps to confirm the authenticity of keys before they are used.
Key custodians play a critical role in protecting cryptographic keys. If custodians do not understand their responsibilities, keys may not be adequately protected.
Key custodians should formally acknowledge that they understand and accept their key-custodian responsibilities. This acknowledgement should be documented and retained.
As cryptographic technologies and computing power evolve, previously strong encryption algorithms and key lengths may become vulnerable. Ensuring that cryptographic implementations remain current helps maintain the protection of stored account data.
Organizations should monitor industry guidance on cryptographic strength and update their implementations as needed. When cryptographic algorithms or key lengths are no longer considered strong, data should be re-encrypted using current strong cryptographic methods.
The strength of the encryption depends on the strength of the cryptographic keys. If keys are not generated using strong methods, the encryption they provide may be weak and vulnerable to attack.
Key generation should use industry-accepted algorithms and random number generators. The key generation process should be documented and auditable.
Strong cryptographic key generation uses algorithms and key lengths that are recognized as being resistant to current and anticipated future attacks, as defined by industry standards such as NIST SP 800-57.
If cryptographic keys are not distributed securely, they could be intercepted and used by unauthorized individuals to decrypt protected data. Secure distribution methods help ensure that only authorized parties receive the keys.
Keys should be distributed using secure methods such as key-wrapping with a key-encrypting key, loading keys directly into secure cryptographic devices, or using secure key exchange protocols. Keys should never be distributed in cleartext.
If cryptographic keys are not stored securely, they could be accessed by unauthorized individuals and used to decrypt protected data. Secure storage methods help maintain the confidentiality of encrypted account data.
Keys should be stored in a secure form, such as encrypted with a key-encrypting key. If stored on disk, they should be protected with strong access controls. Hardware security modules (HSMs) provide a high level of security for key storage.
Cryptographic keys have a limited effective lifetime. Using keys beyond their crypto period increases the risk that the encryption can be compromised. Regular key changes help maintain encryption strength.
Key changes should occur at the end of the defined crypto period and when the integrity of the key has been weakened, such as after departure of an employee with knowledge of the key or when compromise is suspected.
When cryptographic keys reach the end of their crypto period or are suspected of being compromised, they should be retired and no longer used for encryption. Proper retirement practices prevent old keys from being misused.
Retired keys should be securely archived if needed for decryption of previously encrypted data, or securely destroyed if no longer needed. Retired keys should not be used for new encryption operations.
Split knowledge and dual control of cryptographic keys ensures that no single person has access to the complete key, reducing the risk of insider threats and key compromise.
Key management procedures should define how keys are split among multiple custodians and require the involvement of at least two custodians for key operations.
Split knowledge is a method in which two or more people separately have key components, where each person knows only their own key component, and the individual key components convey no knowledge of the original key. Dual control requires two or more people to perform an operation, with no single person having access to or knowledge of the authentication material of another.
Unauthorized substitution of cryptographic keys could allow an attacker to decrypt data or to encrypt data with a key they control. Preventing unauthorized key substitution helps maintain the integrity of the encryption system.
Controls should be in place to detect and prevent unauthorized key substitution attempts. Key management procedures should include verification steps to confirm the authenticity of keys before they are used.
Key custodians play a critical role in protecting cryptographic keys. If custodians do not understand their responsibilities, keys may not be adequately protected.
Key custodians should formally acknowledge that they understand and accept their key-custodian responsibilities. This acknowledgement should be documented and retained.
As cryptographic technologies and computing power evolve, previously strong encryption algorithms and key lengths may become vulnerable. Ensuring that cryptographic implementations remain current helps maintain the protection of stored account data.
Organizations should monitor industry guidance on cryptographic strength and update their implementations as needed. When cryptographic algorithms or key lengths are no longer considered strong, data should be re-encrypted using current strong cryptographic methods.
The strength of the encryption depends on the strength of the cryptographic keys. If keys are not generated using strong methods, the encryption they provide may be weak and vulnerable to attack.
Key generation should use industry-accepted algorithms and random number generators. The key generation process should be documented and auditable.
Strong cryptographic key generation uses algorithms and key lengths that are recognized as being resistant to current and anticipated future attacks, as defined by industry standards such as NIST SP 800-57.
If cryptographic keys are not distributed securely, they could be intercepted and used by unauthorized individuals to decrypt protected data. Secure distribution methods help ensure that only authorized parties receive the keys.
Keys should be distributed using secure methods such as key-wrapping with a key-encrypting key, loading keys directly into secure cryptographic devices, or using secure key exchange protocols. Keys should never be distributed in cleartext.
If cryptographic keys are not stored securely, they could be accessed by unauthorized individuals and used to decrypt protected data. Secure storage methods help maintain the confidentiality of encrypted account data.
Keys should be stored in a secure form, such as encrypted with a key-encrypting key. If stored on disk, they should be protected with strong access controls. Hardware security modules (HSMs) provide a high level of security for key storage.
Cryptographic keys have a limited effective lifetime. Using keys beyond their crypto period increases the risk that the encryption can be compromised. Regular key changes help maintain encryption strength.
Key changes should occur at the end of the defined crypto period and whenever the integrity of the key has been weakened, such as after the departure of an employee with knowledge of the key or when compromise is suspected.
When cryptographic keys reach the end of their crypto period or are suspected of being compromised, they should be retired and no longer used for encryption. Proper retirement practices prevent old keys from being misused.
Retired keys should be securely archived if needed for decryption of previously encrypted data, or securely destroyed if no longer needed. Retired keys should not be used for new encryption operations.
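The wrap-with-a-KEK storage model and the crypto-period rule above, as an added example in Go that is not part of the original guidance: a data-encrypting key (DEK) is stored only wrapped under a key-encrypting key (AES-GCM is this example's choice of wrapping mechanism; the KEK is assumed to be held in an HSM and passed in by the caller), its key ID and crypto-period end are authenticated together with it, and unwrapping refuses a retired key for anything but decryption of previously encrypted data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"time"
)

// KeyMetadata travels with a wrapped key and is bound in as GCM associated
// data, so relabelling a blob or stretching its crypto period fails to unwrap.
type KeyMetadata struct {
	KeyID    string    `json:"key_id"`
	NotAfter time.Time `json:"not_after"` // end of the crypto period
}

// WrappedKey is the on-disk form: the DEK appears only encrypted under the
// KEK, which is assumed to live in an HSM or equivalent and never on disk.
type WrappedKey struct {
	Meta  KeyMetadata
	Nonce []byte
	Blob  []byte // DEK ciphertext followed by the 16-byte GCM tag
}

func newAEAD(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapDEK encrypts a data-encrypting key under the KEK with a fresh random
// nonce, authenticating the metadata alongside it.
func WrapDEK(kek, dek []byte, meta KeyMetadata) (*WrappedKey, error) {
	aead, err := newAEAD(kek)
	if err != nil {
		return nil, err
	}
	aad, _ := json.Marshal(meta) // a string plus a normal date cannot fail to marshal
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &WrappedKey{Meta: meta, Nonce: nonce, Blob: aead.Seal(nil, nonce, dek, aad)}, nil
}

// UnwrapDEK releases the DEK only if the blob authenticates under the KEK with
// its recorded metadata and, unless decryptOnly is set, now is still inside
// the crypto period. A retired key may decrypt archived data but not encrypt.
func UnwrapDEK(kek []byte, w *WrappedKey, now time.Time, decryptOnly bool) ([]byte, error) {
	aead, err := newAEAD(kek)
	if err != nil {
		return nil, err
	}
	aad, _ := json.Marshal(w.Meta)
	dek, err := aead.Open(nil, w.Nonce, w.Blob, aad)
	if err != nil {
		return nil, errors.New("wrapped key failed authentication: wrong KEK, tampering or substitution")
	}
	if !decryptOnly && now.After(w.Meta.NotAfter) {
		return nil, errors.New("key " + w.Meta.KeyID + " is past its crypto period; retired keys may only decrypt")
	}
	return dek, nil
}
```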
Split knowledge and dual control of cryptographic keys ensure that no single person has access to the complete key, reducing the risk of insider threats and key compromise.
Key management procedures should define how keys are split among multiple custodians and require the involvement of at least two custodians for key operations.
Split knowledge is a method in which two or more people separately have key components, where each person knows only their own key component, and the individual key components convey no knowledge of the original key. Dual control requires two or more people to perform an operation, with no single person having access to or knowledge of the authentication material of another.
Unauthorized substitution of cryptographic keys could allow an attacker to decrypt data or to encrypt data with a key they control. Preventing unauthorized key substitution helps maintain the integrity of the encryption system.
Controls should be in place to detect and prevent unauthorized key substitution attempts. Key management procedures should include verification steps to confirm the authenticity of keys before they are used.
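Split knowledge, dual control and the pre-use authenticity check described above, as an added example in Go that is not part of the original guidance: key components are drawn from the operating system CSPRNG, XORed together only when every custodian contributes, and checked against a key check value (KCV) recorded at generation time (the zero-block-encryption KCV construction is this example's choice, not something the guidance prescribes).

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"encoding/hex"
	"errors"
)

// Component is one custodian's key component; being uniformly random, any subset short of the full set reveals nothing.
type Component []byte

// GenerateComponents draws n components of keyLen bytes from crypto/rand (the
// OS CSPRNG); each one is handed to a different custodian.
func GenerateComponents(n, keyLen int) ([]Component, error) {
	if n < 2 {
		return nil, errors.New("split knowledge needs at least two custodians")
	}
	comps := make([]Component, n)
	for i := range comps {
		comps[i] = make(Component, keyLen)
		if _, err := rand.Read(comps[i]); err != nil {
			return nil, err
		}
	}
	return comps, nil
}

// CombineComponents rebuilds the working key by XORing every component. This
// is the dual-control step: it cannot succeed until all custodians contribute.
func CombineComponents(comps []Component) ([]byte, error) {
	if len(comps) < 2 {
		return nil, errors.New("at least two components are required")
	}
	key := make([]byte, len(comps[0]))
	for _, c := range comps {
		if len(c) != len(key) {
			return nil, errors.New("component length mismatch")
		}
		for i := range key {
			key[i] ^= c[i]
		}
	}
	return key, nil
}

// KeyCheckValue encrypts one all-zero block under the key and keeps the first
// three bytes; recorded at generation, it identifies a key without exposing it.
func KeyCheckValue(key []byte) (string, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32 byte keys
	if err != nil {
		return "", err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, make([]byte, aes.BlockSize))
	return hex.EncodeToString(out[:3]), nil
}

// VerifyKey refuses a key whose KCV differs from the recorded value; run before a key is loaded, it catches substitution.
func VerifyKey(key []byte, recordedKCV string) error {
	kcv, err := KeyCheckValue(key)
	if err != nil {
		return err
	}
	if kcv != recordedKCV {
		return errors.New("key check value mismatch: got " + kcv + ", recorded " + recordedKCV)
	}
	return nil
}
```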