Secure Req 11
SECURE-11. KEY MANAGEMENT
Entities that use cryptographic solutions as part of identity management MUST implement key management policies and processes that are consistent with industry-accepted practices.
To support the security and interoperability of cryptographic solutions, organizations must follow best practices and standards for cryptographic algorithms and key management, including the generation, protection, distribution, and recovery of keys.
NIST 800-57 (3 parts, Key Management): http://dx.doi.org/10.6028/NIST.SP.800-57pt3r1, http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part2.pdf, http://dx.doi.org/10.6028/NIST.SP.800-57pt3r1; ISO/IEC 27002: 12.3.1; PCI-DSS: 3.6.1-3.6.8 (see table of requirements at page 18+); FFIEC Information Security: http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_InformationSecurity.pdf, see 22.214.171.124(a), 5.3, 5.3.2, 2.1.2, 2.11; Wholesale Payment Systems Booklet: http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_WholesalePaymentSystems.pdf