EKM-04: Storage and Access

Control Family:

Encryption & Key Management

CSF v1.1 References:

PR.DS-5

PF v1.0 References:

PR.DS-P5

Threats Addressed:

Repudiation
Information Disclosure
Elevation of Privilege

Control Statement

Platform and data-appropriate encryption (e.g., AES-256) in open/validated formats and standard algorithms shall be required. Keys shall not be stored in the cloud (i.e., at the cloud provider in question), but maintained by the cloud consumer or trusted key management provider. Key management and key usage shall be separated duties.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4