
1. Overview

CRY-18 Usage of External Key Management Systems

Designation Standard

CRY-18.01B
In the case that external key management systems (KMS) are integrated into the service, the cloud service provider ensures that the procedures and technical safeguards for the usage of external key management systems (KMS) are established. The following aspects are taken into account:

1. The external KMS have recognised security certifications that reflect the state of the art to comply with legal, regulatory and contractual requirements;
2. The integration of the external KMS into the cloud infrastructure is secure to ensure the confidentiality, integrity, and availability of the keys;
3. Strict access controls are implemented to ensure that only authorised users and systems can access the keys (cf. IAM-01);
4. Procedures for the regular rotation and renewal of keys are defined and implemented to ensure the security of the keys (cf. CRY-07);
5. All accesses and operations on the external KMS are logged and monitored to detect and respond to suspicious activities; and
6. The cloud service provider ensures that the external KMS is regularly checked for vulnerabilities (cf. OPS-25) and updated (cf. OPS-28) to meet current threats and technological developments.

CRY-18 Supplementary Information - Complementary Customer Criteria
Cloud service customers ensure that their own key management procedures are compatible with the requirements of the external KMS and that they implement appropriate controls to ensure the security of their keys.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation