CEK-10: Key Generation

CSF v1.1 References:

PF v1.0 References:

Info icon.

Control is new to this version of the control set and incorporates the following control from the previous version: EKM-04: Storage and Access.

Control Statement

Generate Cryptographic keys using industry accepted cryptographic libraries specifying the algorithm strength and the random number generator used.

Implementation Guidance

The key generation process should be cryptographically secure.

  1. Keys should be generated:

using random bit generators (RBGs) and possibly other parameters, or generated based on keys that are created in this fashion.

  1. Key management technology and processes should be NIST FIPS validated or NSA-approved or comparable.
  2. All relevant transitions/activity should be recorded (logged) in the inventory management system (CKMS).

Auditing Guidance

  1. Confirm that the organization has an approved process for the generation of cryptographic keys.
  2. Identify the keys being used.
  3. Observe the generation of an encryption key in a production-like sandbox or as a test tenant in production and confirm the keys have been generated according to the appropriate procedure and technical specifications.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.