Cryptographic Key Management Policy Template
Purpose
The purpose of this policy is to ensure the proper lifecycle management of encryption keys to protect the confidentiality and integrity of confidential information.
Scope
Confidential and personal information processed, stored or transmitted on or in company owned, managed and controlled systems and applications deemed in scope by the ISO 27001 scope statement.
Principle
Cryptographic Key Management is based on the OWASP guidelines – https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html
Cryptographic keys are classified as Confidential.
Cryptographic Key Management Policy Template Contents
Document Version Control 2
Document Contents Page 3
Purpose 5
Scope 5
Cryptographic Key Management Policy 5
Principle 5
Generation 5
Distribution 6
Storage 6
Escrow and Backup 7
Accountability and Audit 8
Key Compromise and Recovery 10
Trust Stores 13
Cryptographic Key Management Libraries 14
Policy Compliance 15
Compliance Measurement 15
Exceptions 15
Non-Compliance 15
Continual Improvement 15
High Table ISO 27001 Store
The High Table ISO 27001 store for ISO 27001 policies and ISO 27001 ISMS documents is built on 20 years of experience and real world usage, used to pass hundreds of ISO 27001 audits globally.
Reviews
There are no reviews yet.