Back

Refrain from permitting cloud service providers to manage encryption keys when cryptographic key management services are in place locally.


CONTROL ID
13154
CONTROL TYPE
Technical Security
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Manage the use of encryption controls and cryptographic controls., CC ID: 00570

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The cloud service customer should identify the cryptographic keys for each cloud service, and implement procedures for key management. Where the cloud service provides key management functionality for use by the cloud service customer, the cloud service customer should request the following informat… (§ 10.1.2 Table: Cloud service customer, ISO/IEC 27017:2015, Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services, First edition 2015-12-15)