[PCI DSS 3.0] [PCI DSS 3.0] 3.6.7 Prevention of unauthorized substitution of cryptographic keys.

pcinetwork

PCINetwork.org Admin
#1
3.6.7 Prevention of unauthorized substitution of cryptographic keys.

3.6.7.a Verify that key-management procedures specify processes to prevent unauthorized substitution of keys.

3.6.7.b Interview personnel and/or observe processes to verify that unauthorized substitution of keys is prevented.

The encryption solution should not allow for or accept substitution of keys coming from unauthorized sources or unexpected processes.
 
Top