Cryptographic Key Management Policy Template
The purpose of this policy is to ensure the proper lifecycle management of encryption keys to protect the confidentiality and integrity of confidential information.
This policy applies to confidential and personal information processed, stored or transmitted on or in company-owned, managed and controlled systems and applications deemed in scope by the ISO 27001 scope statement.
Cryptographic Key Management is based on the OWASP guidelines – https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html
Cryptographic keys are classified as Confidential.
Cryptographic Key Management Policy Template Contents
Document Version Control
Document Contents Page
Cryptographic Key Management Policy
Escrow and Backup
Accountability and Audit
Key Compromise and Recovery
Trust Stores
Cryptographic Key Management Libraries
Policy Compliance
Compliance Measurement
Continual Improvement