Filter

Change Control and Configuration Management (CCC)

'Implement a procedure for the management of exceptions, including emergencies, in the change and configuration process. Align the procedure with the requirements of GRC-04: Policy Exception Process.'


Login

Change Control and Configuration Management (CCC)

Level N/A

Define and implement a process to proactively roll back changes to a previous known good state in case of errors or security concerns.


Login

Cryptography Encryption and Key Management (CEK)

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for Cryptography, Encryption and Key Management. Review and update the policies and procedures at least annually.


Login

Cryptography Encryption and Key Management (CEK)

Define and implement cryptographic, encryption and key management roles and responsibilities.


Login

Cryptography Encryption and Key Management (CEK)

Level N/A

Provide cryptographic protection to data at-rest and in-transit, using cryptographic libraries certified to approved standards.


Login

Cryptography Encryption and Key Management (CEK)

Use encryption algorithms that are appropriate for data protection, considering the classification of data, associated risks, and usability of the encryption technology.


Login

Cryptography Encryption and Key Management (CEK)

Establish a standard change management procedure, to accommodate changes from internal and external sources, for review, approval, implementation and communication of cryptographic, encryption and key management technology changes.


Login

Cryptography Encryption and Key Management (CEK)

Manage and adopt changes to cryptography-, encryption-, and key management-related systems (including policies and procedures) that fully account for downstream effects of proposed changes, including residual risk, cost, and benefits analysis.


Login

Cryptography Encryption and Key Management (CEK)

Establish and maintain an encryption and key management risk program that includes provisions for risk assessment, risk treatment, risk context, monitoring, and feedback.


Login

Cryptography Encryption and Key Management (CEK)

CSPs must provide the capability for CSCs to manage their own data encryption keys.


Login