SC-12 (2) - Symmetric Keys

Control requirements

SC-12 (2) - 0

The organization produces, controls, and distributes symmetric cryptographic keys using [IBM Assignment: Refer to Supplemental Guidance for Cryptography Governance] key management technology and processes.

Implementation guidance

See the resources that follow to learn more about how to implement this control.

• Data encryption at rest
• Data encryption in transit

IBM Cloud for Financial Services profile

The rules related to this control that follow are part of the IBM Cloud for Financial Services v1.2.0 profile in IBM Cloud® Security and Compliance Center.

• Check whether Hyper Protect Crypto Services encryption keys that are generated by the service are rotated automatically at least every # months
• Check whether Hyper Protect Crypto Services instance is enabled with a dual authorization deletion policy