+Cryptography and Key Management (CRY)
---+CRY-01 Policy for the Use of Cryptographic Mechanisms
------+CRY-01.01B
------+CRY-01.02B
------+CRY-01.01AC
------+CRY-01.02AC
------+CRY-01.03AC
---+CRY-02 Cryptographic Change Management
------+CRY-02.01B
------+CRY-02.02B
------+CRY-02.03B
------+CRY-02 Supplementary Information - Complementary Customer Criteria
---+CRY-03 Review of Cryptography Practices
------+CRY-03.01B
------+CRY-03.02B
---+CRY-04 Protection of Data for Transmission (Transport Protection)
------+CRY-04.01B
------+CRY-04.02B
------+CRY-04.01AS
------+CRY-04 Supplementary Information - Complementary Customer Criteria
---+CRY-05 Encryption of Sensitive Data at Rest
------+CRY-05.01B
------+CRY-05.02B
------+CRY-05.03B
------+CRY-05.04B
------+CRY-05.05B
------+CRY-05.01AC
------+CRY-05 Supplementary Information - Complementary Customer Criteria
---+CRY-06 Secure Key Generation
------+CRY-06.01B
---+CRY-07 Rotation of Cryptographic Keys
------+CRY-07.01B
---+CRY-08 Public-Key Certificate Issuance
------+CRY-08.01B
------+CRY-08 Supplementary Information - Complementary Customer Criteria
---+CRY-09 Secure Key Provisioning
------+CRY-09.01B
------+CRY-09.02B
---+CRY-10 Secure Storage of Keys
------+CRY-10.01B
------+CRY-10.01AC
---+CRY-11 Cryptographic Key Archival
------+CRY-11.01B
---+CRY-12 Cryptographic Key Transition Management
------+CRY-12.01B
---+CRY-13 Handling of Compromised Keys
------+CRY-13.01B
------+CRY-13.02B
---+CRY-14 Secure Deactivation of Cryptographic Keys
------+CRY-14.01B
---+CRY-15 Requirements for Pre-Shared Keys
------+CRY-15.01B
---+CRY-16 Operational Continuity for Key Management
------+CRY-16.01B
------+CRY-16.02B
---+CRY-17 Cryptographic Key Lifecycle Management
------+CRY-17.01B
------+CRY-17.02B
---+CRY-18 Usage of External Key Management Systems
------+CRY-18.01B
------+CRY-18 Supplementary Information - Complementary Customer Criteria
---+CRY-19 Secure Handling of Customer Managed Keys
------+CRY-19.01B
------+CRY-19 Supplementary Information - Complementary Customer Criteria

1. Übersicht

Cryptography and Key Management (CRY)

Objective: Ensure appropriate and effective use of cryptography to protect the confidentiality, authenticity or integrity of information.

Bezeichnung	Standard
CRY-01 Policy for the Use of Cryptographic Mechanisms	-
CRY-02 Cryptographic Change Management	-
CRY-03 Review of Cryptography Practices	-
CRY-04 Protection of Data for Transmission (Transport Protection)	-
CRY-05 Encryption of Sensitive Data at Rest	-
CRY-06 Secure Key Generation	-
CRY-07 Rotation of Cryptographic Keys	-
CRY-08 Public-Key Certificate Issuance	-
CRY-09 Secure Key Provisioning	-
CRY-10 Secure Storage of Keys	-
CRY-11 Cryptographic Key Archival	-
CRY-12 Cryptographic Key Transition Management	-
CRY-13 Handling of Compromised Keys	-
CRY-14 Secure Deactivation of Cryptographic Keys	-
CRY-15 Requirements for Pre-Shared Keys	-
CRY-16 Operational Continuity for Key Management	-
CRY-17 Cryptographic Key Lifecycle Management	-
CRY-18 Usage of External Key Management Systems	-
CRY-19 Secure Handling of Customer Managed Keys	-

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html