WithPCI.com

3.7.1 Generation of strong cryptographic keys

Original requirement from PCI DSS v4.0.1

Defined Approach Requirements

3.7.1 Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data.

Customized Approach Objective

Strong cryptographic keys are generated.

Defined Approach Testing Procedures

3.7.1.a Examine the documented key-management policies and procedures for keys used for protection of stored account data to verify that they define generation of strong cryptographic keys.

3.7.1.b Observe the method for generating keys to verify that strong keys are generated.

Purpose

Use of strong cryptographic keys significantly increases the level of security of encrypted account data.

Further Information

See the sources referenced at Cryptographic Key Generation in Appendix G.
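As an added example, not part of the WithPCI page or of the PCI DSS text itself: a Python sketch of generating a data-encryption key from the OS CSPRNG, alongside the kind of sanity checks an assessor applying testing procedure 3.7.1.b could script against sample key material. The 128-bit floor, the function names and the check thresholds are assumptions for this example.

```python
import math
import secrets
from collections import Counter

# Assumption for this example: a 128-bit floor, in line with the AES minimum
# PCI DSS uses in its definition of "strong cryptography".
MIN_KEY_BITS = 128


def generate_data_encryption_key(bits: int = 256) -> bytes:
    """Generate a symmetric key from the OS CSPRNG (secrets -> os.urandom).

    This is what an assessor should expect to observe under 3.7.1.b: key
    material drawn from a cryptographically secure RBG, never from a password,
    a timestamp, or a non-cryptographic PRNG such as random.random().
    """
    if bits % 8 or bits < MIN_KEY_BITS:
        raise ValueError(f"key length must be a multiple of 8 and >= {MIN_KEY_BITS} bits")
    return secrets.token_bytes(bits // 8)


def byte_entropy(key: bytes) -> float:
    """Shannon entropy per byte (max 8.0). A sanity check, not a proof of randomness."""
    n = len(key)
    return -sum(c / n * math.log2(c / n) for c in Counter(key).values())


def check_key_strength(key: bytes) -> list[str]:
    """Return policy findings for a key; an empty list means it passes.

    These checks catch obviously weak key material: too short, a constant or
    repeated pattern, or an ASCII passphrase used directly as a key. They cannot
    tell a well-generated key from the output of a weak PRNG that merely looks
    random, which is why 3.7.1.b observes the generation method itself.
    """
    findings = []
    if len(key) * 8 < MIN_KEY_BITS:
        findings.append(f"key is {len(key) * 8} bits, below the {MIN_KEY_BITS}-bit minimum")
    if len(set(key)) == 1:
        findings.append("key is a single repeated byte")
    elif len(key) >= 8 and key[: len(key) // 2] == key[len(key) // 2 :]:
        findings.append("key is a repeated pattern")
    if key and all(32 <= b < 127 for b in key):
        findings.append("key consists entirely of printable ASCII (passphrase used as a key?)")
    if len(key) >= 16 and byte_entropy(key) < 3.0:
        findings.append("key has very low byte entropy")
    return findings
```

The checks are a screen for policy violations on sampled keys; evidence that the generator is an approved RBG still comes from observing the generation process, as the testing procedure requires.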

purpose

Document and implement retention and disposal policies for stored account data.

compliance strategies

  • Data retention schedules
  • Automated data deletion

typical policies

  • Data Retention and Disposal Policy

common pitfalls

  • Data retained beyond necessity

type

Process Control

difficulty

Moderate

key risks

  • Unnecessary data increases breach impact

recommendations

  • Automate and monitor data deletion

Eligible SAQ

  • SAQ-D MERCHANT
  • SAQ-D SERVICE PROVIDER
