Accept only externally generated keys that meet approved cryptographic strength and provenance requirements.
Crypto / Key / Controls / DEV
Validate Imported Keys
CCC.KeyMgmt.CN04 · Encryption
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.KeyMgmt.CP22 | Key Import | Supports the ability to import externally generated keys into the KMS. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.KeyMgmt.TH04 | Introduction of Weak or Compromised Key Material During Import | Insufficient validation during the key-import process may allow weak, back-doored, or otherwise compromised key material to be introduced, reducing the overall strength of subsequent cryptographic operations. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.KeyMgmt.CN04.AR01 | When a key import request is processed, the key MUST use an approved algorithm (RSA-2048+, EC-P256+) and originate from a certified HSM. | tlp-green |