Best practices: Managing cryptographic keys
- 26 Nov 2024
- 1 Minute à lire
- SombreLumière
- PDF
Best practices: Managing cryptographic keys
- Mis à jour le 26 Nov 2024
- 1 Minute à lire
- SombreLumière
- PDF
The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article
Avez-vous trouvé ce résumé utile ?
Merci pour vos commentaires
- Perform regular key rotation. Cryptographic key rotation should be executed on all keys at least once a year (i.e. scheduled bulk rotation), or even more frequently if required by the security policy in place. More frequent key rotations typically equate to better security.
- Perform on-the-fly key rotation. It is highly advisable to rotate keys as soon as they are added (i.e. on-the-fly rotation). Combining scheduled bulk rotation and individual on-the-fly rotation constitutes sound security policy.
- Handle old and compromised keys. Implement a strict policy regarding old and compromised keys. Such a policy should include procedures for retiring, archiving, destroying, or revoking such keys, and should also include steps to address suspected compromised keys.
- Limit key management privileges. Limit the number of users with administrative privileges for key management, e.g. Rotate Key, or Create Key. By default, these privileges are not assigned to imported or newly created users.
Cet article vous a-t-il été utile ?