Policy
Policy Name
Key Management Policy

Overview
Key Management is the practice of protecting cryptographic keys and systems from unauthorized modification or disclosure.

Statement
Key management tools and cryptographic keys must be carefully controlled and secured to include the following requirements:
  • Ensure keys are securely stored throughout their lifecycle.
  • Owners or custodians must be identified for secure handling of keys.
  • Keys must be properly retired or disposed of at the end of their lifecycle to prevent unauthorized use.
  • Keys must be properly recovered if lost.
  • There must be a proper change control process to securely generate new or change keys.

Justification
The following benefits will be achieved:
  • Cryptographic keys will be managed and controlled effectively
  • Improved protection and confidentiality of information

Scope
All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
Key Management