WithPCI.com

3.7.7 Prevention of unauthorized substitution of cryptographic keys

Original requirement from PCI DSS v4.0.1

Defined Approach Requirements

3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys.

Customized Approach Objective

Cryptographic keys cannot be substituted by unauthorized personnel.

Defined Approach Testing Procedures

3.7.7.a Examine the documented key-management policies and procedures for keys used for protection of stored account data and verify that they define prevention of unauthorized substitution of cryptographic keys.

3.7.7.b Interview personnel and/or observe processes to verify that unauthorized substitution of keys is prevented.

Purpose

If an attacker is able to substitute an entity's key with a key the attacker knows, the attacker will be able to decrypt all data encrypted with that key.

Good Practice

The encryption solution should not allow for or accept substitution of keys from unauthorized sources or unexpected processes.

Controls should include ensuring that individuals with access to key components or shares do not have access to other components or shares that form the necessary threshold to derive the key.
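The two controls above (reject keys from unauthorized sources, and verify the key is the expected one) can be enforced at the point where key material is loaded. The following Python example is an added illustration, not code from PCI DSS or WithPCI; it assumes a hypothetical key-authentication key (KAK) held only by the authorized key-management process and a register of key check values recorded at the key ceremony.

```python
import hashlib
import hmac

def key_check_value(key: bytes) -> str:
    """Key check value (KCV): truncated SHA-256 of the key. Safe to record in a
    register, since it does not reveal the key material itself."""
    return hashlib.sha256(key).hexdigest()[:6]

def package_key(kak: bytes, key_id: str, key: bytes) -> dict:
    """Authorized key-management path: bind key_id and key material together
    under the key-authentication key (KAK), so no party without the KAK can
    produce an installable package."""
    tag = hmac.new(kak, key_id.encode() + key, hashlib.sha256).hexdigest()
    return {"key_id": key_id, "key": key, "mac": tag}

class KeyStore:
    """Holds installed keys; install() is the only way material gets in."""

    def __init__(self, kak: bytes, registry: dict):
        self.kak = kak
        self.registry = registry      # key_id -> KCV recorded at key ceremony
        self.keys = {}

    def install(self, pkg: dict) -> bool:
        expected = hmac.new(self.kak, pkg["key_id"].encode() + pkg["key"],
                            hashlib.sha256).hexdigest()
        # Check 1: the package must come from a holder of the KAK.
        if not hmac.compare_digest(expected, pkg["mac"]):
            return False
        # Check 2: even an authenticated package must match the registered KCV,
        # so a wrong or swapped key cannot silently replace the expected one.
        if key_check_value(pkg["key"]) != self.registry.get(pkg["key_id"]):
            return False
        self.keys[pkg["key_id"]] = pkg["key"]
        return True

def demo() -> tuple:
    # Constructed sample values for the demonstration only.
    kak = b"\x11" * 32
    dek = b"\x22" * 32
    store = KeyStore(kak, {"dek-2024-01": key_check_value(dek)})
    ok = store.install(package_key(kak, "dek-2024-01", dek))
    # Substitution attempt without the KAK: the forged MAC is rejected.
    rogue = {"key_id": "dek-2024-01", "key": b"\x33" * 32, "mac": "00" * 32}
    forged = store.install(rogue)
    # Authenticated package whose key differs from the registered one is rejected too.
    wrong = store.install(package_key(kak, "dek-2024-01", b"\x44" * 32))
    return ok, forged, wrong
```

Both rejections would normally also be logged and alerted on, since a failed install is itself evidence of an unexpected process attempting to change a key.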

Purpose

Ensure personnel are trained on data retention and disposal requirements.

Compliance Strategies

  • Annual training
  • Awareness campaigns

Typical Policies

  • Data Retention Training Policy

Common Pitfalls

  • Untrained staff
  • No training records

Type

Training/Process Control

Difficulty

Low

Key Risks

  • Improper data handling

Recommendations

  • Track and document training completion

Eligible SAQ

  • SAQ-D MERCHANT
  • SAQ-D SERVICE PROVIDER
