Insufficient validation during the key-import process may allow weak, back-doored, or otherwise compromised key material to be introduced, reducing the overall strength of subsequent cryptographic operations.
Crypto / Key / Threats / DEV
Introduction of Weak or Compromised Key Material During Import
CCC.KeyMgmt.TH04
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.KeyMgmt.CP22 | Key Import | Supports the ability to import externally generated keys into the KMS. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.KeyMgmt.CN04 | Validate Imported Keys | Accept only externally generated keys that meet approved cryptographic strength and provenance requirements. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| MITRE-ATT&CK | T1600 | Weaken Encryption |