Eleos | Home

Cryptography Encryption and Key Management (CEK)

Key Archival

Level N/A

Define, implement and evaluate processes, procedures and technical measures to manage archived keys in a secure repository requiring least privilege access, which include provisions for legal and regulatory requirements.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CEK-18

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.31

8.24

SC-12

SC-12(1)

SC-12(2)

SC-12(3)

SC-28

SC-28(3)

PR.AC-1

PR.IP-4

PR.AC-4

ID.GV-3

CRY-09

CRY-09.3

Solutions
Community

Cryptography Encryption and Key Management (CEK)

Key Compromise

Level N/A

Define, implement and evaluate processes, procedures and technical measures to use compromised keys to encrypt information only in controlled circumstance, and thereafter exclusively for decrypting data and never for encrypting data, which include provisions for legal and regulatory requirements.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CEK-19

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.31

8.24

SC-12

SC-12(1)

SC-12(2)

SC-12(3)

PR.AC-1

PR.DS-1

PR.DS-2

ID.GV-3

RS.MI-1

RS.MI-2

CRY-09

CRY-09.3

Solutions
Community

Cryptography Encryption and Key Management (CEK)

Key Recovery

Level N/A

Define, implement and evaluate processes, procedures and technical measures to assess the risk to operational continuity versus the risk of the keying material and the information it protects being exposed if control of the keying material is lost, which include provisions for legal and regulatory requirements.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CEK-20

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.31

8.24

CM-3

CM-3(6)

CP-9

CP-9(8)

SC-12

SC-12(1)

SC-12(2)

SC-12(3)

PR.AC-1

PR.IP-9

PR.IP-4

ID.RA-5

ID.RA-4

RS.MI-1

ID.GV-3

CRY-09

CRY-09.3

Solutions
Community

Cryptography Encryption and Key Management (CEK)

Key Inventory Management

Level N/A

Define, implement and evaluate processes, procedures and technical measures in order for the key management system to track and report all cryptographic materials and changes in status, which include provisions for legal and regulatory requirements.

Parent

Compliance Framework

CCM v4.0.10

Control Number

CEK-21

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.31

8.24

SC-12

SC-12(1)

SC-12(2)

SC-12(3)

SC-12(6)

PR.AC-1

PR.IP-1

PR.IP-3

ID.GV-3

CRY-09

Solutions
Community

Datacenter Security (DCS)

Off-Site Equipment Disposal Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure disposal of equipment used outside the organization's premises. If the equipment is not physically destroyed a data destruction procedure that renders recovery of information impossible must be applied. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DCS-01

Related

Compliance Framework

CIS v8.0

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

3.1

3.5

5.1

MP-6

MP-6(1)

MP-6(2)

MP-6(3)

MP-6(8)

MP-7(2)

MP-8

ID.GV-1

PR.IP-6

PR.DS-3

GOV-02

GOV-03

DCH-01

Solutions
Community

Datacenter Security (DCS)

Off-Site Transfer Authorization Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the relocation or transfer of hardware, software, or data/information to an offsite or alternate location. The relocation or transfer request requires the written or cryptographically verifiable authorization. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DCS-02

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.1

5.14

AC-1

AC-4

CA-3

MP-5

MP-5(3)

SC-4

SC-4(2)

ID.GV-1

PR.DS-3

PR.MA-1

PR.PT-2

PR.PT-5

GOV-02

GOV-03

DCH-01

Solutions
Community

Datacenter Security (DCS)

Secure Area Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for maintaining a safe and secure working environment in offices, rooms, and facilities. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DCS-03

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.1

PE-1

PE-6

PE-6(1)

PE-6(2)

PE-6(3)

PE-6(4)

SC-15

SC-15(1)

SC-15(3)

SC-15(4)

ID.GV-1

PR.IP-5

PR.AC-2

GOV-02

GOV-03

DCH-01

PES-01

Solutions
Community

Datacenter Security (DCS)

Secure Media Transportation Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure transportation of physical media. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DCS-04

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number