+CRY-11 Cryptographic Key Archival
---+CRY-11.01B

1. Overview

CRY-11 Cryptographic Key Archival

CRY-11.01B

The cloud service provider has documented and implemented procedures and technical safeguards for the secure archiving of cryptographic keys. These include:

1. Storage of archived keys in a repository to prevent unauthorised access;
2. Restriction of access to archived keys to authorised personnel based on the principle of least privilege;
3. Support of later recovery of information through archived keys;
4. Retention of archived keys only for as long as needed and secure destruction afterwards; and
5. Logging of all activities related to the storage and recovery of archived keys.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html