Define, implement and evaluate processes, procedures and technical measures to destroy keys stored outside a secure environment and revoke keys stored in Hardware Security Modules (HSMs) when they are no longer needed, which include provisions for legal and regulatory requirements.
Key destruction removes all traces of the key so that it cannot be recovered by physical or electronic means.
- When a key is to be destroyed, all key copies should be destroyed.
- Keys should be destroyed as soon as they are no longer needed, to minimize the risk of compromise.
- Secret and private keys should be destroyed so they cannot be recovered by any means.
- Public keys may be kept or destroyed.
- Notify stakeholders in advance of key destruction.
- Consider laws, regulations, and their retention requirements for keys and/or metadata.
- Key recovery information (KRI) should be protected against unauthorized disclosure or destruction.
- All relevant transitions and activity should be recorded (logged) in the key inventory, i.e. the cryptographic key management system (CKMS).
- Confirm the existence of key destruction processes and procedures.
- Review the access permissions for the destruction and restoration of keys and confirm that only appropriate individuals have access to these capabilities.
- Review keys that have been destroyed and confirm that the appropriate process and procedures were followed.
- Establish documented criteria that determine when it is appropriate for a cryptographic key to be stored outside a secure environment.
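The provisions above (destroy every copy, honor retention requirements, notify stakeholders, restrict who may destroy, and log every transition in the CKMS) can be checked mechanically. The following is an added example, not part of the CCM control text or any CSA tooling: a toy key inventory in Python whose `destroy()` method refuses a request that would violate one of the provisions, zeroizes each tracked copy in place, and writes an audit trail that an auditor can check with `audit_destruction()`. The key identifiers, locations, role names and retention date are constructed sample values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum
from typing import Dict, List, Optional


class KeyState(Enum):
    ACTIVE = "active"
    DESTROYED = "destroyed"


class DestructionError(Exception):
    """Raised when a destruction request violates a stated provision."""


@dataclass
class KeyRecord:
    key_id: str
    key_type: str                      # "secret", "private" or "public"
    copies: Dict[str, bytearray]       # location -> key material (constructed sample data)
    stakeholders: List[str] = field(default_factory=list)
    legal_hold_until: Optional[datetime] = None   # legal/regulatory retention, if any
    state: KeyState = KeyState.ACTIVE


class KeyInventory:
    """Toy CKMS inventory: tracks every copy of a key and logs each transition."""

    def __init__(self, destroy_role_members: List[str]):
        self._keys: Dict[str, KeyRecord] = {}
        self._destroy_role = set(destroy_role_members)   # only these actors may destroy
        self.audit_log: List[dict] = []
        self.notifications: List[str] = []

    def register(self, record: KeyRecord) -> None:
        self._keys[record.key_id] = record
        self._log(record.key_id, "registered", f"{len(record.copies)} copies")

    def _log(self, key_id: str, event: str, detail: str = "") -> None:
        self.audit_log.append({"ts": datetime.now(timezone.utc).isoformat(),
                               "key_id": key_id, "event": event, "detail": detail})

    @staticmethod
    def _zeroize(material: bytearray) -> None:
        # Overwrite in place (bytearray is mutable, bytes is not). This clears this
        # buffer only; other copies (backups, swap, HSM-internal) need their own
        # handling, which is why every copy must be tracked in the inventory.
        material[:] = bytes(len(material))

    def destroy(self, key_id: str, actor: str, now: Optional[datetime] = None) -> KeyRecord:
        now = now or datetime.now(timezone.utc)
        rec = self._keys[key_id]
        if actor not in self._destroy_role:
            self._log(key_id, "destroy_denied", f"actor {actor} not authorized")
            raise PermissionError(f"{actor} may not destroy keys")
        if rec.state is KeyState.DESTROYED:
            raise DestructionError(f"{key_id} already destroyed")
        if rec.legal_hold_until is not None and now < rec.legal_hold_until:
            self._log(key_id, "destroy_denied", f"retention until {rec.legal_hold_until.isoformat()}")
            raise DestructionError(f"{key_id} is under legal/regulatory retention")
        for s in rec.stakeholders:                      # notify before destruction
            self.notifications.append(f"to={s} key={key_id} event=scheduled_destruction")
        self._log(key_id, "stakeholders_notified", ",".join(rec.stakeholders))
        for location, material in rec.copies.items():   # every copy, not just one
            self._zeroize(material)
            self._log(key_id, "copy_destroyed", location)
        rec.copies.clear()
        rec.state = KeyState.DESTROYED
        self._log(key_id, "destroyed", f"by {actor}")
        return rec

    def events(self, key_id: str) -> List[str]:
        return [e["event"] for e in self.audit_log if e["key_id"] == key_id]

    def audit_destruction(self, key_id: str) -> bool:
        """Audit check: state is DESTROYED, no copies remain, and the log shows
        notification, per-copy destruction and the final transition."""
        rec = self._keys[key_id]
        ev = self.events(key_id)
        return (rec.state is KeyState.DESTROYED and not rec.copies
                and "stakeholders_notified" in ev and "copy_destroyed" in ev
                and ev[-1] == "destroyed")


def run_demo() -> dict:
    """Walk through one compliant destruction and two refused ones (constructed data)."""
    inv = KeyInventory(destroy_role_members=["kms-admin"])
    hsm_copy, backup_copy = bytearray(b"\x11" * 16), bytearray(b"\x11" * 16)
    inv.register(KeyRecord("k-db-001", "secret",
                           {"hsm-slot-3": hsm_copy, "offsite-backup": backup_copy},
                           stakeholders=["db-team"]))
    inv.register(KeyRecord("k-audit-002", "private", {"vault": bytearray(b"\x22" * 16)},
                           legal_hold_until=datetime(2031, 1, 1, tzinfo=timezone.utc)))
    today = datetime(2025, 6, 1, tzinfo=timezone.utc)
    rec = inv.destroy("k-db-001", "kms-admin", now=today)
    out = {"state": rec.state.value, "copies_left": len(rec.copies),
           "zeroized": hsm_copy == bytearray(16) and backup_copy == bytearray(16),
           "audit_ok": inv.audit_destruction("k-db-001"),
           "copy_events": inv.events("k-db-001").count("copy_destroyed"),
           "notifications": list(inv.notifications)}
    try:
        inv.destroy("k-audit-002", "kms-admin", now=today)
        out["retention_blocked"] = False
    except DestructionError:
        out["retention_blocked"] = True
    try:
        inv.destroy("k-audit-002", "intern", now=today)
        out["unauthorized_blocked"] = False
    except PermissionError:
        out["unauthorized_blocked"] = True
    out["held_key_audit"] = inv.audit_destruction("k-audit-002")
    return out


if __name__ == "__main__":
    print(run_demo())
```

The audit check deliberately looks at the log rather than trusting the record's state: a record marked destroyed without a `copy_destroyed` entry per location is exactly the gap an auditor reviewing destroyed keys should flag.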
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.