Encryption and Key Management

Encryption and key management policies are a key component of the Information Security Program.

EKM Control Domains

EKM-01: Entitlement -

  • EKM-01.1: Do you have key management policies binding keys to identifiable owners?


Policy to be referenced here is INSERT
*Action item: INSERT

EKM-02: Key Generation -

  • EKM-02.1: Do you have a capability to allow creation of unique encryption keys per tenant?


Policy to be referenced here is INSERT
*Action item: INSERT

  • EKM-02.2: Do you have a capability to manage encryption keys on behalf of tenants?


Policy to be referenced here is INSERT
*Action item: INSERT

  • EKM-02.3: Do you maintain key management procedures?


Policy to be referenced here is INSERT
*Action item: INSERT

  • EKM-02.4: Do you have documented ownership for each stage of the lifecycle of encryption keys?


Policy to be referenced here is INSERT
*Action item: INSERT

  • EKM-02.5: Do you utilize any third-party/open-source/proprietary frameworks to manage encryption keys?


Policy to be referenced here is INSERT
*Action item: INSERT

EKM-03: Encryption -

  • EKM-03.1: Do you encrypt tenant data at rest (on disk/storage) within your environment?


Policy to be referenced here is INSERT
*Action item: INSERT

  • EKM-03.2: Do you leverage encryption to protect data and virtual machine images during transport across and between networks and hypervisor instances?


Policy to be referenced here is INSERT
*Action item: INSERT

  • EKM-03.3: Do you have documentation establishing and defining your encryption management policies, procedures, and guidelines?


Policy to be referenced here is INSERT
*Action item: INSERT

EKM-04: Storage and Access -

  • EKM-04.1: Do you have platform- and data-appropriate encryption that uses open/validated formats and standard algorithms?


Policy to be referenced here is INSERT
*Action item: INSERT

  • EKM-04.2: Are your encryption keys maintained by the cloud consumer or a trusted key management provider?


Policy to be referenced here is INSERT
*Action item: INSERT

  • EKM-04.3: Do you store encryption keys in the cloud?


Policy to be referenced here is INSERT
*Action item: INSERT

  • EKM-04.4: Do you have separate key management and key usage duties?


Policy to be referenced here is INSERT
*Action item: INSERT

Related Documents

  • None