Omaerz: 7 revisions imported: Initial Upload of old pages from IDESG Wiki

2018-06-28T04:03:33Z

7 revisions imported: Initial Upload of old pages from IDESG Wiki

New page

''<< Back to [[Baseline_Functional_Requirements_v1.0|Baseline Functional Requirements Index]]''

== SECURE-11. KEY MANAGEMENT ==
Entities that use cryptographic solutions as part of identity management MUST implement key management policies and processes that are consistent with industry-accepted practices.

=== SUPPLEMENTAL GUIDANCE ===
To support the security and interoperability of cryptographic solutions, organizations must follow
best practices and standards for cryptographic algorithms and key management including the
generation, protection, distribution, and recovery of keys.

=== REFERENCES ===
NIST 800-57 (3-parts – Key Management– http://dx.doi.org/10.6028/NIST.SP.800-57pt3r1,
http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part2.pdf,
http://dx.doi.org/10.6028/NIST.SP.800-57pt3r1; , ISO/IEC 27002 - 12.3.1; PCI-DSS- 3.6.1-3.6.8 ; (see
table of requirements at page 18+); FFIEC - Information Security
http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_InformationSecurity.pdf, see 5.1.2.3(a), 5.3,
5.3.2, 2.1.2, 2.11; Wholesale Payment Systems Booklet,
http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_WholesalePaymentSystems.pdf

=== APPLIES TO ACTIVITIES ===
[[IDEF Functional Model REGISTRATION|REGISTRATION]],
[[IDEF Functional Model CREDENTIALING|CREDENTIALING]],
[[IDEF Functional Model AUTHENTICATION|AUTHENTICATION]],
[[IDEF Functional Model AUTHORIZATION|AUTHORIZATION]],
[[IDEF Functional Model INTERMEDIATION|INTERMEDIATION]]

=== KEYWORDS ===
[[IDEF Keywords PKI|PKI]], [[IDEF Keywords POLICIES|POLICIES]], [[IDEF Keywords SECURITY|SECURITY]]

----
----
Quick Links: [[SALS]] | [[Baseline Functional Requirements v1.0]] | [[Glossary]] |

----
----

Secure Req 11 - Revision history

Omaerz: 7 revisions imported: Initial Upload of old pages from IDESG Wiki