KPMG WP

KEY MANAGEMENT POLICY AND PRACTICE FRAMEWORK
R I S K A N D A D V I S O RY S E R V I C E S
ABSTRACT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . 2 BACKGROUND. . . . . . . . . . . . . . . . . . . . . . . . . . . 3 KEY MANAGEMENT . . . . . . . . . . . . . . . . . . . . . . 4 Key Management Controls .......................................5 Key Management Risk Factors .................................6 Key Management Trends ..........................................8 POLICY, PRACTICES, AND PROCEDURES . . . . . 10 Business Practice Disclosures................................10 Environmental Controls ..........................................11 Key Management Life Cycle Controls.....................14 Certificate Management Life Cycle Controls ..........16 Example Key Generation Ceremony .......................17 SUMMARY . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Appendixes.............................................................19 Appendix A: Standards Activities ...........................19 Appendix B: Key Generation Ceremony..................20 Appendix C: Glossary.............................................22 LIST OF FIGURES Figure 1: Key Life Cycle ............................................4 Figure 2: Software- versus Hardware-Based Cryptography............................................................6 Figure 3: Key Management Risk Factors ..................7
J A N U A R Y
2 0 0 2
A B S T R AC T
The secure administration and distribution of cryptographic keys, called key management, is a necessary and critical aspect of business risk mitigation. This white paper describes the significance of sound key management applicable to any application employing cryptography. Readers of this paper should have some familiarity with cryptography and its ability to protect information via data confidentiality, entity and data authentication, data integrity, and even non-repudiation. We have provided a historical perspective of cryptography along with a discussion of security controls, risk factors, and current trends that will affect key management processes. A framework of relevant policies, practices, and procedures is presented regarding business practice disclosures, key life cycle management, certificate life cycle management, and environmental controls. An overview of standards activities is given, along with an example key generation ceremony. This paper takes the position that business risk drives the need for cryptographic solutions, which in turn necessitates establishing and maintaining sound key management policies and practices. Cryptographic hardware, although preferred over software-based solutions due to key management risk factors, can enable good key management schemes, but documented and sensibly enforced key management procedures are still necessary. Furthermore, these key management policies, practices, and procedures should be periodically reviewed by an independent third party using industry-established criteria.
ACKNOWLEDGEMENT The support provided by nCipher Incorporated in the development of this white paper is greatly appreciated.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
2002 KPMG LLP , the U.S. member firm of KPMG International, a Swiss association. All rights reserved. Printed in the U.S.A. Copies can be obtained or distributed with permission from KPMG LLP . 472BOS_0102
INTRODUCTION
Key management is the secure administration of cryptographic keys. A cryptographic key is merely data, a string of binary zeroes and ones that enable a cryptographic algorithm to manufacture ciphertext output from cleartext input. Cryptographic algorithms can provide encryption and decryption of information for data confidentiality, message authentication codes (MACs) for data integrity and entity authentication, as well as digital signatures for data integrity, entity authentication, and non-repudiation. Cryptography is also used in key management to achieve the confidentiality, integrity, authenticity, and non-repudiation of cryptographic keys, which is an integral part of sound key management practices. There are several ways to securely handle keys and other relevant keying material, and there are even more ways to mishandle and mismanage cryptographic keys. Improper key management is a constant threat to any application employing any form of cryptography, which dramatically and unnecessarily increases business risk. With the advent of public key cryptography, effective management of keys has become even more important, particularly in the case of management of private keys when integrity and authenticity must be provable to a third party (i.e., non-repudiation). A new community of users and integrators is relearning the importance of hardware-based cryptography and the importance of formal security evaluation and compliance testing.1 This paper discusses some of the historical aspects of cryptography, provides an overview of key management, and presents some current trends that will affect the policy and practices for key management. A synopsis of standards activities is presented, along with an example key generation ceremony that embodies the secure administration of cryptographic keys described in this paper.
FIPS PUB 140-2 Security Requirements for Cryptographic Modules and ISO 13491 Banking Secure Cryptographic Devices (Retail).
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
B AC K G R O U N D
Historically, symmetric cryptography (dating from Egyptian hieroglyphics circa 1900 B.C. to more recent use in World Wars I and II circa 1900 A.D.) required that the same cryptographic key, which must be shared between two communicating parties (i.e., the sender and the receiver), be securely exchanged using manual procedures. Today, symmetric keys are distributed electronically from the key-generation point to the operational sites by enciphering these keys with other symmetric keys called key enciphering keys (KEKs). The primary issue with symmetric key management schemes is establishing the first KEK, commonly called the initial key.2 The initial key, in order to maintain its confidentiality, is typically generated and securely exchanged as multiple key components. An organization must designate trusted individuals as key agents, with each key agent assigned a single key component. When all the components are securely combined under the supervision of a security officer, the symmetric key is recreated securely, so that no one individual has ever viewed or had access to the symmetric key. This labor-intensive process is still used in todays financial systems. The advent of asymmetric or public key cryptography provided a partial solution to the initial symmetric key problem. A symmetric key can be randomly generated by the sender and encrypted using the public key of the receiver. The receiver can then decrypt the enciphered symmetric key using his or her own private key. Clearly, this simplifies the process for exchanging the initial symmetric key, however it introduces to the sender issues regarding the integrity and authenticity of the receivers public key. Previously, the symmetric key manual procedures implicitly provided integrity and authentication between both parties.
Assurance concerning the integrity and authenticity of a receivers public key can be enhanced by using public key certificates, whereby the receivers identity is cryptographically bonded to his or her public key. In this key management practice, the sender relies on the receivers public key certificate, which has been issued by a trusted third party called a certification authority (CA). However, life is not so simple as to have one global CA for everyone and everything on the planet. Other issues also affect key management practices. The sheer number of asymmetric key pairs, public key certificates, and symmetric keys is dramatically increasing as cryptography proliferates in network infrastructures, remote devices, and business applications. Furthermore, cryptographic keys do not last forever; they must be periodically and securely replaced. The scalability and extensibility issues regarding key management are creating new challenges that could very well result in new and interesting problems and innovative solutions.
Some systems use multiple KEKs, but only the very first KEK is the initial key.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
K E Y M A N AG E M E N T
Remember that key management is the secure administration and distribution of cryptographic keys throughout the entire key life cycle. Keys are generated, distributed, stored, used, recovered, and eventually terminated or possibly archived. Figure 1: Key Life Cycle depicts eight stages for a symmetric key or a private asymmetric key (the life cycles are the same) and seven stages for the asymmetric public key. The first stage for any key is always Key Generation, where the symmetric key or asymmetric key pair is created. From there, public and private keys take very different paths.
Installation is the stage where the key is successfully installed in each device (e.g., a typical Web farm may employ dozens of servers) at each operational site. Key Backup is the stage where the key is securely stored for the unlikely event of key loss due to unexpected power interruption or hardware failure. Thus, key recovery occurs when a key is securely retrieved from Key Backup and re-installed in the Key Installation stage. The next stage is the Key Usage stage, where the correct key is used for its intended purpose in an operational environment and where copies of keys used with multiple
Figure 1: Key Life Cycle
For an asymmetric private key (and a symmetric key) the next stage is typically Key Distribution, where the cryptographic key is securely transported to one or more operational devices and, potentially, backup systems. Key Distribution is possibly the most critical operation of the key life cycle, and carries the highest risk. The next two stages, Key Installation and Key Backup, may occur in parallel. Key
devices should be verifiably synchronized. All cryptographic keys have a limited life expectancy; therefore the next stage is Key Termination, where all instances (including backup) of a key are erased, except for the possibility of transferring it to the Key Archival stage. Archived keys are not kept forever, so eventually an archived key transfers to the Key Termination stage. Whenever an archived key is retrieved to
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
verify its previous use, the key moves temporarily to the Restricted Key Usage stage, and immediately thereafter is erased, thus migrating to the Key Termination stage. Archived keys should never be used in an operational environment. For an asymmetric public key, once the public key has been created in the Key Pair Generation stage, it should transfer to the Certification Registration stage. Once a certificate has been issued by a certification authority, the public key certificate transfers to the Certificate Repository stage. This stage simply denotes that the certificate is publicly available. Some protocols specify that the certificate be transmitted along with the transaction when a Certificate Repository is not used. The certificate then enters the Certificate Usage stage in parallel with the Key Usage stage for the asymmetric private key. All asymmetric key pairs have a limited life expectancy; therefore public key certificates eventually enter the Certificate Expiration stage. However, unlike Key Termination, certificates merely expire and there is no security or operational necessity to erase any copies of the certificate. Alternatively, if an asymmetric private key is known or suspected to be compromised, the private key must be terminated and the certificate should be automatically revoked, temporarily entering the Certificate Revocation stage. Eventually, even revoked certificates expire according to their validity date; therefore even revoked certificates migrate to the Certification Expiration stage. Note that there are other reasons in addition to an asymmetric key compromise for revoking certificates.3
KEY MANAGEMENT CONTROLS There are several universal key management controls that must be enforced throughout the key life cycle. 1. Private asymmetric keys and symmetric keys shall only exist in the following secure forms:4 As cleartext inside the protected memory of a tamper-resistant security module As ciphertext outside the protected memory of a tamper-resistant security module As two or more key fragments (e.g., key components, k-of-n key shares), either in cleartext or ciphertext, managed using dual control with split knowledge These three forms ensure that the confidentiality of private asymmetric and symmetric keys is absolute; no one must ever know these keys. 2. Public asymmetric keys are unrestricted by definition, therefore their confidentiality is not necessary; however, the integrity and authenticity of public asymmetric keys must be established, maintained, and verifiable. Public key certificates bind the users identity to the public key via the CAs signature on the certificate, and therefore ensure the integrity and authenticity of the certificate contents, including the public key it contains. 3. Key generation should use only approved algorithms (e.g., X9 standards) for random or pseudo-random number generation and random prime number generation. 4. Key separation is a security method whereby each key (or key pair) is generated for a particular purpose and is used for the sole purpose for which it was intended. 5. Key synchronization is the ability to verify that the same key (e.g., symmetric or asymmetric private key) is securely stored in one or more locations without compromising the security of the keys or the systems.
ANS X9.57 Certificate Management, and ISO 15782 BankingCertificate Management. ANS X9.24 Financial Services Key Management Using Symmetric Cryptography, and ISO 11568 Banking Key Management (Retail).
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
Figure 2: Software- versus Hardware-Based Cryptography
Software-Based Cryptography
Hardware-Based Cryptography
Cleartext
Cleartext
Cleartext
Cipher -text
Cipher -text
Cipher -text
Unprotected Memory
Unprotected
Protected Memory
K E Y M A N A G E M E N T R I S K FA C T O R S A single, generic set of key management policies and practices that satisfies these basic controls and can apply to all scenarios is simply not feasible. Rather, a comprehensive set of specific key management policies and, especially, practices must be chosen and implemented to effectively and appropriately mitigate the business risks in a given environment.5 Cryptography is based on mathematical algorithms (i.e., a software process) and cryptographic keys (i.e., data) running in either specialized hardware or as software on a dedicated or general-purpose computer. The more dedicated or specialized the hardware, the higher the degree of inherent security controls. Software-based cryptography is where the cryptographic algorithms, keys, cleartext data, and ciphertext data all reside in the unprotected memory of a general-purpose computer. Figure 2: Software- versus Hardware-Based Cryptography depicts the various components and highlights the security issues intrinsic in performing software-based cryptography. In this example, a symmetric encryption key is represented by the door key icon, the cryptographic algorithm is represented by the padlock icon, and the input data (cleartext) and output data (ciphertext) are shown as document icons.
In the hardware-based cryptography on the right, the brick wall represents physical and logical barriers where data is allowed to pass while the algorithm and key are kept secure in the protected memory of a tamper-resistant security device. Thus, hardware-based cryptography ensures the confidentiality, integrity, and authenticity of cryptographic keys and, further, provides assurance regarding the integrity and authenticity of the cryptographic algorithm, which reinforces the overall level of security. Irrespective of whether a particular application is using hardware- or software-based cryptography, the computer on which the application runs operates in both physical and logical environments that possess their own security characteristics ranging from uncontrolled to highly controlled. Hence, key management policy and practices must address the balance among operational requirements, the use of spe-
ANS X9.49 Secure Remote Access to Financial Services.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
In the software-based cryptography on the left, all the components (i.e., algorithm, key, cleartext, ciphertext) reside in unprotected memory and are susceptible to duplication, modification, or substitution. The most susceptible element is the cryptographic key. A duplicated symmetric key allows an adversary to recover all encrypted data. A duplicated asymmetric private key allows an adversary to falsely generate digital signatures that would be attributed to the computer owner. A substituted or modified public key would allow a man in the middle attack, such that the adversary could intercept and change e-mails or transaction data undetected by the sender or receiver.
cialized devices, and the environmental security controls. Figure 3: Key Management Risk Factors depicts the interdependency between environmental and device controls.6 The x axis represents the environmental controls, ranging from uncontrolled (no security) to a controlled environment (highest security). Uncontrolled environments are public places (e.g., restaurants) where access control is not practical. Partially controlled environments are those where limited access can be assumed (e.g., a persons home) or restricted (e.g., office) via a simple physical token (e.g., house key, employee badge). Controlled environments are those where restricted access is actively enforced (e.g., data center) via stronger authentication methods (e.g., key pads, biometrics, smart cards) and monitoring either directly with human guards or indirectly with surveillance cameras. The y axis represents device-level controls ranging from a general-purpose device (low security) to a specialized device (highest security). General-purpose devices are desktop and laptop computers running open platform operating systems (e.g., Microsoft Windows 2000) and numerous applications, including software-based cryptography. Dedicated devices are typically general-purpose devices with computational capability to run some restricted applications and software cryptography (often, co-processors are used), often take advantage of removable media (e.g., smart card) to enable strong authentication of administrative staff, and may provide tamper-evident packaging (e.g., point of sale terminal). Specialized devices are restricted to performing cryptographic functions within a tamper-resistant housing (e.g., hardware security module) to enforce key management policy and practice schemes, such as key separation. These devices are often certified using established criteria in an accredited laboratory environment (e.g., the National Institute of Standards and Technologys NIST/NVLAP validation program using FIPS PUB 140-2 Security Requirements for Cryptographic Modules,7 the joint NIST/NSA NIAP program using ISO/IEC 15408 Common Criteria for Information Technology Security Evaluation).8
Figure 3: Key Management Risk Factors
Specialized Device Y = Device Controls
3 1
Uncontrolled Partial X = Environmental Controls
4 2
Controlled
Dedicated Device
General Purpose Device
Figure 3: Key Management Risk Factors shows four zones where the environments (uncontrolled, partially controlled, and controlled) intersect with the device types (general-purpose, dedicated, and specialized). The zones are described as follows: Zone 1 represents the lowest security with the highest risk scenario where a general-purpose (or dedicated) device is operated in an uncontrolled (or partially controlled) environment, such as a personal computer in a persons home. For low-value (and typically low-volume) transactions this may be sufficient depending on the business risk assessment. Zone 2 represents a scenario where a general-purpose (or dedicated) device is operated in a controlled environment. The controlled environment offers higher security and therefore lower risk than Zone 1; however due to the nature of the device, manual key management procedures must be relied on, and these manual key management procedures should therefore be integrated with operational and environmental controls. For low-value transactions this should be sufficient depending on the business risk assessment. Zone 3 represents a scenario where a specialized device is operated in an uncontrolled (or partially controlled) environment, such as an ATM. For higher-value transactions (e.g., deposit, with-
6 7
ISO 13491 BankingSecure Cryptographic Devices (Retail). For more information, see www.nvlap.nist.gov. Note that FIPS PUB 140-1 will be phased out and it is expected that all certifications will be transitioned to FIPS PUB 140-2 within 12 months of its approval date of May 25, 2001. For more information, see www.niap.nist.gov.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
drawal, funds transfer), this may be sufficient depending on the business risk assessment. Note that in addition to the higher security, the specialized device will typically increase the applications transaction throughput as the computationally intense cryptography is off-loaded from the main processor to the specialized device. Zone 4 represents the highest security with the lowest risk where a specialized device is operated in a controlled environment, a combination often employed at a certification authority. Environmental controls may include multi-factor authentication (e.g., smart cards and biometrics) for administrative personnel, enforced dual control where one person is never allowed unsupervised access to the device, and sign in/out log sheets with monitored surveillance cameras. Device controls would include a tamper-resistant security module enforcing key confidentiality and separation, dual control, and, potentially, tamper detection and active countermeasures (e.g., automatic key erasure). Such devices and environmental security controls exist at most financial institutions and network processing centers, and at many military installations. Tomorrows key management challenges are in Zone 2 and Zone 3. The increasing focus on overall system security lies behind the general trend of moving away from general-purpose devices operating in uncontrolled environments (Zone 1) to the use of specialized devices operating in controlled environments (Zone 4). However, it is important to realize that as security controls increase on the x axis or the y axis, so does the cost of implementation. Hence, depending on a business risk assessment, alternatives in either Zone 2 or Zone 3 may provide an acceptable alternative. There are already dedicated devices (e.g., Web servers) operating in partially controlled environments, but as the demand for higher security increases, there will be an increase in use of specialized devices. The challenges of using specialized devices operating in uncontrolled or partially controlled environments include the capability and capacity to securely deploy and operate large numbers of these devices at remote or mobile locations while maintaining proper key management controls.
KEY MANAGEMENT TRENDS The ability to determine that adequate key management controls are in place requires periodic review of key management policies, practices, and procedures against some established criteria. In many cases, an examination of the key management policies, practices, and procedures by an independent third party is also necessary. For example, most financial networks and associations require that financial institutions and processors undergo a periodic examination of their key management policies, practices, and procedures by a professional security consultant or audit practitioner, similar to financial audits. In the past several years, these security exams have become commonplace and are now being performed more frequently by professional practitioners licensed by organizations such as the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).9 The advent of commercially available cryptography and the widespread acceptance of the Internet as the primary electronic commerce vehicle have sparked numerous initiatives embodying various cryptographic protocols and other technologies (e.g., smart cards, biometrics). Cryptography is becoming more and more integrated into network architectures, such as through the deployment of SSL, IPSec, and VPN protocols. Cryptography is also being widely adopted as a component of mainstream business applications such as securing e-mail using encryption and digital signatures, encrypting data stored on laptops, and protecting databases, and as part of emerging applications such as digital rights management and bank card payment systems (e.g., smart cards). As the use of cryptography continues to increase, several trends are emerging: Hardware-based cryptography for added security. Currently, many initiatives in the proof-of-concept (PoC) stage use softwarebased cryptography that is intended to be a temporary solution and does not promote sound key management policies, practices, and procedures. As these PoC projects transform into pilots or permanent production systems, these software-based solutions will migrate to cryptographic hardware or otherwise require extensive manual key management procedures to compensate for the inherent weaknesses of software-based cryptography. In either case, current key management controls will undergo restructuring and redesign, and controls will be created where none exist.
For more information, visit www.aicpa.org or www.cica.ca.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
High scalability for diverse applications. The sheer proliferation of cryptography will dramatically increase the number of cryptographic keys generated, distributed, installed, used, and eventually terminated. This proliferation will stress the scalability of key management software and the key storage mechanisms that will be forced to manage more and more cryptographic keys. Application-specific security policies to reflect business risk. The increasing diversity of business applications using cryptographic functionality (e.g., data encryption, message authentication, digital signatures, secure time stamping, and transaction authorization) will likewise require distinct security policies and key management practices that are tailored to each unique business application. As security applications are introduced and new online services launched, it will be important to assess the sources of risk and cost of compromise on a case-by-case basis in order to define the appropriate security policies. New algorithms and policies to suit new applications. The multiplicity of application and host environments including wireless, and handheld devices, such as laptops, cellular phones, and personal digital assistants may ultimately drive the use of various new cryptographic algorithms and communication protocols, many of which are not interoperable. Numerous algorithms (e.g., ECC, AES) are specified in recent standards and will drive a requirement for flexible key management practices that can, if necessary, be algorithm independent. Furthermore, bandwidth limitations and storage capabilities will affect where, when, and how keys are generated and distributed. Remote key management to reduce administrative burden. The widespread distribution of cryptographic keys will require remote key management methods and techniques to enforce key separation and provide automatic key synchronization between geographically dispersed systems. Remote key management will be problematic, as keys must be managed from a centralized site in some cases and multiple sites in other cases as evolving business requirements and globalization issues dictate. The ability to securely administer cryptographic keys and devices from a remote location will become an important feature of any security architecture. Delegation of authority and automated systems. This same propagation of cryptography illustrates that key management will migrate from security officers with specialized skills and experience to operational staff with more general knowledge and less
K E Y
appreciation for sound key management practices. Therefore, more automated key management tools coupled with remote key management capability will emerge. Such automation will promote the use of software "trusted agent" tools that may be developed by one company, installed at a second company, and operated by yet another "trusted" third party. Regulatory and statutory criteria. More and more industries and governments are adopting requirements, guidelines, or specifications for securing electronic data. Examples include the European Union 1995 Data Protection Directive, the U.S. 1996 Federal Healthcare Insurance Portability and Accountability Act (HIPAA), the MasterCard International and Visa International 1997 Secure Electronic Transaction (SET), the 1998 Identrus LLC security authentication framework specification, and the U.S. 2000 Federal Electronic Signature Act (E-Sign). These and many other initiatives will lead to a broad awareness of security issues and will help to establish a common understanding of countermeasures that can be taken. Real-time audit functionality. As more and more reliance is placed on automated key management tools used by less-trained operators in more complicated and distributed environments, the need for independent examination of how those tools are being used will need to increase. These examinations will move away from traditional latent audits and migrate toward real-time auditing with online information feeds that will enable specialized professionals to assess the relevant controls and ensure compliance to the stated security policies. The increased use of cryptography will affect how and where key management is performed, and will require new tools and methods that are still emerging. At the same time, the ability to assess the security features and verify the effectiveness of the security practices of these new methods is still a necessary ingredient for reducing business risk. There is always a need to balance among operational effectiveness, timeliness, and adequacy of security. Key management is an essential ingredient of maintaining sufficient security. This means that those individuals involved in daily operations have to be prepared and practiced for planned events (e.g., key generation) and unexpected events (e.g., disaster recovery). Therefore, key management policy, practices, and procedures are needed to ensure operational and security continuity.
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
P O L I C Y, P R AC T I C E S , AND PROCEDURES
All organizations must disclose their business practices to some degree. Publicly held companies are required to disclose certain business practices, while privately held organizations primarily share their business practices with board members, employees, and customers. Often, key management and security policy and practices are not publicly disclosed unless it is in the organizations best interest to do so, such as in the case of a certification authority. Regardless of business disclosure practices, key management policies, practices, and procedures are at the heart of achieving and maintaining sound key management. Key management policies define the organizations overriding requirements and strategy for the secure administration of cryptographic keys throughout a keys life cycle. Similarly, key management practices describe the organizations tactics to achieve those strategic policy goals. Key management procedures are the documented step-by-step tasks necessary for the secure daily cryptographic operations within an organization. Clearly it is in the best interest of any organization to establish and promote sound key management policies, practices, and procedures. The challenge in fulfilling these goals is to remain flexible enough to respond to the inevitable key management diversity, scalability, and extensibility issues that have been identified as trends in this paper. The following sections begin by describing the approach to policy setting at the business level followed by an overview of how this translates into a series of environmental controls. The section concludes with a review of specific key management practice statements, and introduces the key generation ceremony10 as an example of an operational procedure that embodies these various policies and practices.
BUSINESS PRACTICE DISCLOSURES This topic deals with an organizations policies regarding the disclosure of its key management and information privacy practices. An example of such a policy is a certification authoritys Certificate Practice Statement (CPS), which defines its business practices. Any service organization whose offerings or business applications employ any form of cryptography should have available business practice disclosures addressing their key management policy and practices. The benefits of having such disclosures are that a company can: Provide a level of assurance to its business partners and customers that its key management practices are sound, and as such imply that the organization has undertaken reasonable efforts to secure its systems and business applications. Provide documentation whereby its key management practices can be evaluated or tested to establish compliance with external standards, such as those defined to establish industrywide interoperability (e.g., the Identrus LLC framework specification for the international banking community). Satisfy legislative or regulatory requirements regarding due diligence and subsequent business disclosure for key management practices (e.g., EU Data Protection Directive, HIPAA). The appropriate level of detail for an organizations disclosures must be individually determined by each organization, taking into account federal, state, and local legislative requirements; industry regulations; potential legal liability; and business risk in the marketplace. Business practice disclosures should do the following: Define the various communities of interest that rely on or interact with the organization wherever cryptography and, hence, key management is used. For each community of interest, the type of interaction (e.g., Web site) available, the type of cryptography (e.g., SSL, PKI) used, and the corresponding key management schemes employed (e.g., certificates) should be described. This may include descriptions of the relevant industries, business partners, or customer markets.
10
ANS X9.79 PKI Practices and Policy Framework, and AICPA/CICA WebTrust SM/TM Program for Certification Authorities.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
1 0
Provide the appropriate contact information (e.g., name, department, mailing address, phone number, e-mail address) for the individual(s) responsible for key management practices for each community of interest. This should include notification and escalation procedures for lost or stolen equipment. Where cryptographic devices or keys have been widely deployed and local or regional operational staff has been assigned to emergency response teams, this information is essential. Define the obligations of all participating parties and any applicable provisions regarding apportionment of liability or financial responsibility resulting from security breaches due to known or suspected key compromise. For example, a service provider might process transactions using equipment outsourced to a second entity, which includes a cryptographic device that contains keys belonging to the service provider, while its key management is outsourced to a third entity. Define the environmental control policies relative to all participants. This should describe or entail an approval process for acceptable physical security (e.g., locked doors and restricted access), facility and system access controls (e.g., employee badges, passwords, and biometrics), and business continuity controls (e.g., site locations, power requirements, media storage, and off-site backup). Define the key and certificate (where appropriate) life cycle management control policies relative to all participants for any cryptographic key generated, stored, or used by the organization. This should describe or entail an approval process for the acceptable cryptographic algorithms, key strengths and crypto-periods, key management protocols, and cryptographic hardware. For example, there will be long-term digital signature keys for legal documentsas well as short-term digital signature keys for access control. The relevant standards (e.g., ANSI, ISO, IETF) should also be identified. Define the organizations policies regarding the publication, revision, and distribution of the business practice disclosures, including intellectual property protection mechanisms (e.g., copyrights).
E N V I R O N M E N TA L C O N T R O L S This topic deals with an organizations policies and practices regarding environmental controls, including information security, asset classification and management, personnel security, physical access controls, operations management, system access controls, system development and maintenance, business continuity management, monitoring and compliance, and event handling. Environmental control information should be disclosed to allow relying parties to assess whether the organization maintains sufficient controls to meet their business requirements outlined on the following pages.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
1 1
Environmental Controls
Environmental Activity Policy authority and practices
Control Objective for Environment Activities Organization has established and operates a policy authority to create and revise key management policy and practices, including: Roles and responsibilities (e.g., committee chair, vice chair, secretary) Titles and departments (e.g., vice president of internal audit) Revision and publication practices
Information security practices
Organization has documented and distributed its security practices and maintains controls to provide reasonable assurance that information security is properly managed according to its security practices, including: Registration and enrollment methods Authentication and authorization methods Distribution and affidavit methods References to asset classification practices
Asset classification practices
Security requirements for protecting each discrete category Security mechanisms for protecting each discrete category Personnel security practices Organization maintains controls over personnel and hiring practices to support the trustworthiness of the organization, including: Credentials validation Nondisclosure agreements Other verification methods for sensitive positions (e.g., security officer) Physical security practices Organization maintains controls for physical access to sensitive areas and equipment is limited to properly authorized individuals, and the facilities are protected from environmental hazards, natural or otherwise, including: Passive physical barriers Active intruder detection systems Physical access controls References to relevant documentation (e.g., business continuity plan) Operations management practices Organization maintains controls to ensure the correct and secure operation of IT systems, including: Systems failures prevention or detection mechanisms Viruses and malicious software protection Incident reporting and response escalation practices Theft or inadvertent damage of media or other hardware References to relevant documentation (e.g., business continuity plan)
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
1 2
Organization has established an asset classification scheme and all assets (e.g., equipment, data, facilities, personnel) have been properly identified and labeled, including:
Environmental Controls
Environmental Activity System access practices
Control Objective for Environment Activities Organization maintains controls to limit system access to properly authorized individuals, including: User access controls Network access controls Operating system access controls Application access controls Authentication mechanisms (e.g., passwords, tokens, biometrics) References to relevant documentation (e.g., ANSI, systems manuals)
Systems development and maintenance practices
Organization maintains controls to properly authorize systems development and maintenance activities, including: Software development life cycle (SDLC) Use of cryptography Separation between cryptographic test keys and production keys
Business continuity practices
Organization maintains controls to provide reasonable assurance of continuity of operations in the event of a disaster, including: Key management controls during the execution of a recovery plan References to relevant documentation (e.g., business continuity plan)
Monitoring and compliance practices
Organization maintains controls to ensure that its monitoring and compliance methods satisfy legislative or regulatory requirements, including: Event journals Backup and recovery of event journals Security controls to protect the journals from unauthorized destruction, tampering, or replacement References to relevant documentation (e.g., information security, asset classification, system access)
Key management trends will challenge current environmental practices as the use of portable devices in untrustworthy environments continues to increase. A trustworthy and controlled environment operated by one entity does not necessarily translate to an environment trusted by another entity.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
1 3
KEY MANAGEMENT LIFE CYCLE CONTROLS This topic deals with an organizations policies and practices regarding the management of private asymmetric keys, symmetric keys, and other types of keying material (e.g., pseudo-random number generator seed values), including cryptographic hardware management. Key management life cycle control information should be disclosed to allow relying parties to assess whether the organization maintains sufficient controls to meet its business requirements in the following areas:
Key Management Life Cycle Controls
Key Management Activity Key generation practices
Control Objective for Key Management Activities Cryptographic keys are generated in accordance with industry standards, including: Random or pseudo-random number generation Prime number generation Key generation algorithms Hardware and software components Adherence to all relevant standards References to the key generation procedural documentation
Key storage, backup, and recovery practices
Asymmetric private keys and symmetric keys remain secret and their integrity and authenticity is retained, including Key separation mechanisms Hardware and software components Adherence to all relevant standards References to key storage, backup, and recovery procedures Business continuity management documentation
Key distribution practices
Secrecy of asymmetric private keys, symmetric keys, and keying material, and the integrity and authenticity of all keys and keying material are maintained during key distribution, including: Initial key distribution processes Subsequent key replacement processes Key synchronization mechanisms Adherence to all relevant standards References to the key distribution procedural documentation
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
1 4
Key Management Life Cycle Controls
Key Management Activity Key use practices
Control Objective for Key Management Activities Cryptographic keys are used only for their intended purpose, including: Business applications Key separation mechanisms Related crypto-periods Adherence to all relevant standards References to the business and system description documentation
Key destruction and archival practices
All active instances of the cryptographic key are properly erased (destroyed) at the end of their designated crypto-periods and archived keys are handled appropriately, including: Controls to maintain confidentiality, integrity, and authenticity Mechanisms to prevent an archived key from being reinstalled Adherence to all relevant standards Inclusion of references to the business and system documentation
Cryptographic hardware life cycle practices
Access to cryptographic hardware is limited to properly authorized individuals, and the hardware is functioning properly. The description should include: Controls for the device life cycle (e.g., shipping, inventory controls, installation, initialization, repair, and de-installation) Adherence to all relevant standards References to device documentation (e.g., product specifications, users manual) and certification (e.g., FIPS 140)
Key management trends will affect all aspects of the key management life cycle as the origination, usage, and location of keys become more diverse. Remote and automated key management mechanisms will proliferate in the near term and eventually be standardized.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
1 5
C E RT I F I C AT E M A N AG E M E N T L I F E CYCLE CONTROLS This topic deals with an organizations policies and practices regarding secure management of public asymmetric keys, public key certificates, and attribute certificates, including the use of portable storage devices such as smart cards. Certificate management life cycle control information should be disclosed to allow relying parties to assess whether the organization maintains sufficient controls to meet their business requirements in the following areas:
Certificate Management Life Cycle Controls
Certificate Management Activity Subscriber registration practices
Control Objective for Certificate Management Activities Subscribers are properly identified and authenticated, and certificate request information is accurate and complete, including: Internal registration practices External registration services Registration authority interfaces Adherence to all relevant standards References to registration procedures
Certificate issuance practices
Certificates are generated and issued securely and accurately, including: Use of outsourced services (if appropriate) Naming conventions and extension fields Public key validation processes Adherence to all relevant standards References to external certificate service documentation (e.g., letters of agreement, contracts, other CPS)
Certificate distribution practices
Upon issuance, complete and accurate certificates are available to subscribers and relying parties, including: Out-of-band notification processes Databases and repositories Adherence to all relevant standards References to external distribution or storage services documentation
Certificate revocation practices
Certificates are revoked based on authorized and validated certificate revocations requests, including: Out-of-band notifications Certificate revocations list distribution Databases and repositories Adherence to all relevant standards References to external distribution or repository services documentation
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
1 6
Certificate Management Life Cycle Controls
Certificate Management Activity Certificate verification practices
Control Objective for Certificate Management Activities Certificates and certificate chains are properly verified, including: Verification mechanisms Databases and repositories Adherence to all relevant standards References to external distribution or repository services documentation
Token life cycle practices
Initialization, distribution, usage, and termination of portable tokens (e.g., smart cards) are properly managed, including: Controls for the token life cycle (e.g., shipping, inventory controls, installation, initialization, personalization, and termination) Adherence to all relevant standards References to device documentation (e.g., product specifications, users manual) and certification (e.g., FIPS 140)
Key management trends will significantly impact certificate management, particularly the ability to revoke widely distributed certificates. Shorter-term certificates reduce risk exposure but increase the frequency of key generation and certificate registration. Certificate validation services can reduce the revocation problem but require an online environment and are somewhat contrary to the original concept of a certificate that can be verified offline.
E X A M P L E K E Y G E N E R AT I O N CEREMONY As an illustration for this framework, a description of a key generation ceremony is included; however it is recommended that a detailed key generation script be developed and followed. Recognizing that the specific steps for key generation vary significantly across different applications and organizations, a CA has been chosen as a procedural example because it is typical of a high-end security application and has been widely tested in the field. Given the ceremony should take into account the application software and version number that is to be implemented, the cryptographic devices that are used, and the organizations requirements for private key protection and disaster recovery, only a general description is feasible. Each organization must develop its own customized key management procedures that are specific to that organizations needs. Appendix B: Key Generation Ceremony provides an overview of a rudimentary script for the generation of a CA asymmetric key pair, with additional notes regarding special consideration for the generation of a root CA key pair.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
1 7
S U M M A RY
Key management risk factors should be evaluated for every application that employs cryptography. A proper business risk assessment will identify the security requirements needed to protect application data regarding its confidentiality, integrity, message and entity authenticity, and even non-repudiation. In circumstances where cryptography is determined to be a viable security measure, the environmental controls available regarding the protection of the cryptographic hardware, software, and keys should likewise be evaluated. In applications that require more than basic security levelsfor example those that generate high volumes of transactions or where corruption of individual transactions represents a tangible financial loss or breach of privacy specialized cryptographic hardware should be considered as a necessary security control to protect cryptographic keys and keying material. The use of special-purpose cryptographic hardware can compensate for environmental control weaknesses, in the context of both internal and external attacks, and can enhance the security of key management practices and procedures to achieve desired security levels. The decision to use cryptographic hardware will, in and of itself, not guarantee the secure administration of keys throughout their life cycles. Rather, sound key management policies, practices, and procedures are necessary to ensure the constant supervision of cryptographic keys. The trends discussed in this paper describe some of the areas that will affect key management. Organizations that are now or will be employing cryptography should review their key and certificate management life cycle practices and environmental practices to determine that business risks have been sufficiently considered. The versatility of cryptography as the basis for secure applications will naturally lead to numerous key management schemes. Therefore there cannot be a generic set of key management practices and procedures for all applications or organizations. Thus, every organization must develop and maintain its own suite of key management policies, practices, and procedures. Periodic examinations by an independent third party using industry-recognized standards, such as the ANS X9.79 PKI Practices and Policy Framework and the AICPA/CICA WebTrust SM/TM Program for Certification Authorities, should become an important aspect of risk management, enhancing the trust of employees, customers, business partners, and other relying parties.
All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
1 8
APPENDIXES
A PPENDIX A: S TANDARDS ACTIVITIES
The ANSI X9 and ISO standards for symmetric key management have been established for over ten years, with revisions every five years per the ANSI procedures, or on an as-needed basis (e.g., X9 standards using single DES encryption have either been withdrawn or revised to triple DES encryption).11 Similarly, many ANSI X9 and ISO standards for asymmetric key management have been recently published or are in progress. In parallel to the X9 standards, auditing standards for certification authorities (CAs) relating to asymmetric key management have also been published. The financial services industry often leads the development of standards regarding key management techniques and has established the ability to validate compliance against those standards. The American National Standard (ANS) X9 Technical Guideline #3 (TG-3) PIN Audit Security Guideline was adopted by the Electronic Funds Transfer Association's (EFTA) Network Executive Council (NEC) so that electronic funds transfer (EFT) networks could agree on a common set of personal identification number (PIN) and key management criteria. Most of the EFT networks require their members to periodically undergo a TG-3 examination either by their internal auditors or a thirdparty accounting firm. X9 TG-3 addresses PIN and related key management security controls based on two other American National Standards, X9.8 PIN Management and Security and X9.24 Financial Services Key Management Using Symmetric Cryptography.
Recently, the PKI Forum12 endorsed the ANS X9.79 PKI Practices and Policy Framework standard and the corresponding document from the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA), the WebTrust SM/TM Program for Certification Authorities. These companion standards enable an experienced practitioner to perform an examination of the controls implemented by a certification authority (CA). A large portion of the controls described in these standards address the CA environmental controls and the key management controls. The AICPA and the CICA issued a press release in May 2001 announcing that the Microsoft Corporation selected the WebTrust SM/TM for Certification Authorities (or its equivalent) as part of its program for accepting CAs wishing to distribute their root certificates through Microsoft software. Key management has become an integral part of the ISO and ANSI standards, and is now being integrated into industry and accounting standards.
11 12
For more information, visit www.x9.org and www.iso.ch. For more information, visit www.pkiforum.org.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
1 9
A PPENDIX B: K EY G ENERATION C EREMONY
The following is a rudimentary script for the generation of a CA asymmetric key pair.
List of Participants and Preparation
The participants for a key generation ceremony will vary depending upon the type of key management scheme employed. Each participant has a specific role and responsibility, such as: Operation Manager. This individual is responsible for the equipment and the facility in which the equipment resides, including computer hardware and software, host security modules (HSMs), and physical safes to store cryptographic keying material. Key Manager. This individual is responsible for orchestrating the key generation ceremony according to the organizations policies and procedures. This includes scheduling, organizing, and supervising the participants before, during, and after the execution of the key ceremony script per the organizations procedures. Key Administrators. These individuals are responsible for handling cryptographic keying material and following the key generation ceremony script. The actual number of administrators and their exact duties will vary widely depending on the PKI vendor product, the cryptographic devices, the key management schema, and the organizations procedures. For example, if key components are used to securely store symmetric keys, at least two administrators are necessary to maintain split knowledge. Another schema might be the Shamir k-of-n Secret Sharing Scheme, which requires a subset (k) of all administrators (n) to perform key management tasks.13 For a 3-of-5 scheme, five administrators would be necessary. Witnesses. These individuals are present to observe the key generation ceremony, but typically do not actively participate in the actual key management practices. The purpose of witnesses is to provide a level of assurance that the key generation ceremony took place under proper controls. For certain high-assurance applications, such as a root CA, the Equipment Installation and Initialization process may be observed by an auditor and/or other witnesses and/or videotaped.
Another important aspect of proper preparation is that all participants practice the key management procedures prior to actual execution. Performing a key generation walkthrough allows each participant to gain an understanding of his or her role and responsibilities. A walkthrough is also a good method to identify potential problems so that procedures can be adjusted accordingly.
Equipment Installation and Initialization
Prior to the start of the key generation ceremony, the CA hardware and software is properly configured within a controlled environment that is physically secure. This configuration process should include installation of the host operating system, smart card, or storage devices, and CA software from original shrink-wrapped packaging. Often, procedures for configuring the CA hardware and software are provided by the vendor in separate documentation packages.
Witnessing and Record Keeping
All participants observe the key generation ceremony events and one or more witnesses (potentially including an external auditor) should make a notation on their copies of the script to indicate whether each step was successfully performed in accordance with the script, or if deviations occurred. At the conclusion of the ceremony, an "official copy" of the script should be updated by the Key Manager to reflect any deviations from the planned script prior to having it signed by all participants and witnesses indicating that the steps were followed as documented.
Hardware Security Module Initialization
Typically, a newly installed HSM is pristine, meaning it does not contain any keying material. Similar to the CA hardware and software, the HSM must be properly configured within a controlled environment that is physically secure. Typically, procedures for installing and configuring the HSM are provided by the vendor in separate documentation.
Key Generation Procedures
The precise step-by-step procedures will vary greatly depending upon the PKI vendor product, the cryptographic devices, and the key management schema. Procedural steps are often grouped into tasks, causing the Key Manager to pause the key generation ceremony to ensure that each task (or step) has been completed successfully. This is part of the witness and record-keeping processes.
13
A. Shamir, How to share a secret, Communications of the ACM 22 (1979), 612-613.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
2 0
Ceremony Examination and Validation
With regard to the examination of a key generation ceremony, the procedures themselves provide evidence that proper key management practices were followed. The examination can be concurrent with the key generation ceremony so that a professional practitioner is present as an observer (witness) during the key generation ceremony. Otherwise, the examination can occur after the fact if sufficient evidence is maintained to demonstrate that appropriate key generation policies and procedures were followed. For example, if the key generation ceremony were to be videotaped, the professional practitioner could review the videotape. In addition, a checklist (script)dated and signed by the key generation ceremony participantsshould be used to provide additional evidence that proper key management procedures were followed.
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
2 1
A PPENDIX C: G LOSSARY
Term AES AICPA ANS ANSI ATM CICA Ciphertext Cleartext DES
Description Advanced Encryption Standard American Institute of Certified Public Accountants is the United States professional practice organization for accountants. American National Standard is an industry standard developed by an ANSI-accredited standards body, such as the X9 Committee. American National Standards Institute is the United States national standards body registered with ISO as a country member. Automated teller machine is an unmanned terminal providing online access to financial transactions. Canadian Institute of Chartered Accountants is the Canadian professional practice organization for accountants. Data in its enciphered form. Data in its original, unencrypted form. Data Encryption Standard is the Federal Information Processing Standard (FIPS) Publication 46-1 that defines the data encryption algorithm (DEA). The DEA is also described in ANS X3.92. A process of using two or more separate entities (usually persons) operating in concert to protect sensitive functions or information whereby no single entity is able to access or use the materials (e.g., cryptographic key). Elliptic curve cryptography ISO is not an acronym, although it is a common belief that it means the International Standards Organization. Rather, ISO is a word, derived from the Greek isos, meaning equal, which is the root of the prefix iso-, such as isometric and isonomy. Key enciphering key is a symmetric key generated and used for the sole purpose of protecting other symmetric keys (e.g., master key, session key). Message authentication code is an integrity value that is cryptographically derived from a message so that the modification or substitution of either can be detected. National Information Assurance Partnership National Institute of Standards and Technology National Security Agency National Voluntary Laboratory Accreditation Program Personal identification number is a 4- to 12-digit number used by financial institutions to authenticate their customers at an ATM for cash withdrawal and at POS devices for debit transactions.
Reference www.nist.gov/aes www.aicpa.org www.x9.org www.ansi.org
www.cica.ca ANS X9.24 ISO 11568 ANS X9.24 ISO 11568

www.nist.gov
Dual Control
ANS X9.8 ANS X9.24 ISO 11568 ANS X9.63 www.iso.ch
ECC ISO
KEK MAC
ANS X9.24 ISO 11568 ANS X9.9 ANS X9.19 ISO 16609 www.niap.nist.gov www.nist.gov www.nsa.gov www.nvlap.nist.gov ANS X9.8 ISO 9564
NIAP NIST NSA NVLAP PIN
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
2 2
Term PKI
Description Public key infrastructure is a framework of hardware, software, people, processes, and policies that employs digital signature technology to facilitate a verifiable association between the public component of an asymmetric public key with a specific subscriber that possesses the corresponding private key. The public key may be provided for digital signature verification, authentication of the subject in communication dialogues, and for message encryption key exchange or negotiation. Point of sale terminal is a merchant device typically consisting of a magnetic stripe reader, a keypad, a display window, and a telephone dialer for obtaining credit or debit card authorization. Rivest Cipher; symmetric cryptographic algorithm so named for its inventor, Ron Rivest. The CA at the top of the CA hierarchy. Asymmetric cryptographic algorithm named for the original paper, R. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public Key Cryptosystems," Communications of the ACM, 21(2): 120-126, February 1978. A condition under which two or more parties separately and confidentially have custody of components of a single key that, individually, convey no knowledge of the resultant cryptographic key. A characteristic that provides visual evidence that an attack has been attempted. A characteristic that provides passive physical protection against an attack.
Reference ANS X9.79
POS
RC5 Root CA RSA
ANS X9.79
Split Knowledge
ANS X9.8 ANS X9.24 ISO 11568 ANS X979 ANS X9.79
Tamper Evident Tamper Resistant
K E Y
M A N A G E M E N T
P O L I C Y
A N D
P R A C T I C E S
F R A M E W O R K
2 3

KPMG WP

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

KPMG WP

Enviado por

Direitos autorais:

Formatos disponíveis

KEY MANAGEMENT POLICY AND PRACTICE FRAMEWORK

Figure 1: Key Life Cycle

Figure 2: Software- versus Hardware-Based Cryptography

ANS X9.49 Secure Remote Access to Financial Services.

Figure 3: Key Management Risk Factors

Specialized Device Y = Device Controls

General Purpose Device

For more information, visit www.aicpa.org or www.cica.ca.

Environmental Activity Policy authority and practices

Information security practices

Asset classification practices

Environmental Activity System access practices

Systems development and maintenance practices

Business continuity practices

Monitoring and compliance practices

Key Management Life Cycle Controls

Key Management Activity Key generation practices

Key storage, backup, and recovery practices

Key distribution practices

Key Management Life Cycle Controls

Key Management Activity Key use practices

Key destruction and archival practices

Cryptographic hardware life cycle practices

Certificate Management Life Cycle Controls

Certificate Management Activity Subscriber registration practices

Certificate issuance practices

Certificate distribution practices

Certificate revocation practices

Certificate Management Life Cycle Controls

Certificate Management Activity Certificate verification practices

Token life cycle practices

A PPENDIX A: S TANDARDS ACTIVITIES

A PPENDIX B: K EY G ENERATION C EREMONY

A. Shamir, How to share a secret, Communications of the ACM 22 (1979), 612-613.

Ceremony Examination and Validation

Reference www.nist.gov/aes www.aicpa.org www.x9.org www.ansi.org

www.cica.ca ANS X9.24 ISO 11568 ANS X9.24 ISO 11568

ANS X9.8 ANS X9.24 ISO 11568 ANS X9.63 www.iso.ch

NIAP NIST NSA NVLAP PIN

Reference ANS X9.79

RC5 Root CA RSA

Tamper Evident Tamper Resistant

Você também pode gostar