Who has administrative access to the keys?
Is customer data encrypted at rest?
Do you provide encryption and key management for secure communications, data protection, and digital signing of data?
Are there formal policies and procedures in place?
Is there a proper implementation of PKI or other key management systems to ensure communication and data protection?
Do you have a Hardware Security Module (HSM)?
Do you store encryption keys in the cloud?
Do you have separate key management and key usage duties?
Do you have platform and data appropriate encryption that uses open/validated formats and standard algorithms?
Are your encryption keys maintained by the cloud consumer or a trusted key management provider?