+CRY-14.01B

1. Übersicht

CRY-14.01B

The cloud service provider has documented and implemented procedures to deactivate cryptographic keys. These procedures ensure that:

1. Expired keys are no longer used for encryption purposes, but may still be used for decryption if necessary;
2. Expired keys are no longer used for signature creation, but may still be used for signature verification;
3. Deactivated keys are eventually destroyed when they are no longer required, with relevant metadata retained for auditing; and
4. All actions related to key deactivation and destruction are recorded in the key management system to maintain a detailed audit log.

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html