Secure Req 11

From IDESG Wiki

SECURE-11. KEY MANAGEMENT

Entities that use cryptographic solutions as part of identity management MUST implement key management policies and processes that are consistent with industry-accepted practices.

SUPPLEMENTAL GUIDANCE

To support the security and interoperability of cryptographic solutions, organizations must follow best practices and standards for cryptographic algorithms and key management, including the generation, protection, distribution, and recovery of keys.

REFERENCES

NIST 800-57 (3 parts), Key Management: http://dx.doi.org/10.6028/NIST.SP.800-57pt3r1, http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part2.pdf, http://dx.doi.org/10.6028/NIST.SP.800-57pt3r1; ISO/IEC 27002 - 12.3.1; PCI-DSS - 3.6.1-3.6.8 (see table of requirements at page 18+); FFIEC - Information Security, http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_InformationSecurity.pdf, see 5.1.2.3(a), 5.3, 5.3.2, 2.1.2, 2.11; Wholesale Payment Systems Booklet, http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_WholesalePaymentSystems.pdf

APPLIES TO ACTIVITIES

REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION

KEYWORDS

PKI, POLICIES, SECURITY
