+CRY-19.01B

1. Overview

CRY-19.01B

The cloud service provider implements procedures and technical safeguards to ensure the secure handling of cryptographic keys managed by cloud service customers. In these procedures, the following aspects are considered:

1. Secure integration of customer-generated keys ('Bring-Your-Own-Key'; BYOK) into the cloud environment;
2. Logging of all activities related to customer-managed keys; and
3. Definition of access control mechanisms to enable that only authorised users can gain access to customer-managed keys.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html