Part 1: General - Computer Security Resource Center - National ...
March, 2007
On a more frequent basis, the actions of the humans that use, operate and maintain the system
should be reviewed to verify that the humans continue to follow established security procedures.
Strong cryptographic systems can be compromised by lax and inappropriate human actions.
Highly unusual events should be noted and reviewed as possible indicators of attempted attacks
on the system.
9.3 Key Management System Survivability
9.3.1 Back-up Keys
[OMB11/01] notes that encryption is an important tool for protecting the confidentiality of
disclosure-sensitive information that is entrusted to an agency’s care, but that the encryption of
agency data also presents risks to the availability of information needed for mission performance.
Agencies are reminded of the need to protect the continuity of their information technology
operations and agency services when implementing encryption. The guidance specifically notes
that, without access to the cryptographic keys that are needed to decrypt information,
organizations risk the loss of their access to that information. Consequently, it is prudent to retain
back-up copies of the keys necessary to decrypt stored enciphered information, including master
keys, key encrypting keys, and the related keying material necessary to decrypt encrypted
information until there is no longer any requirement for access to the underlying plaintext
information (see Tables 7-8 in Section 8.2.2.1).
As the tables show, there are other keys for the operations of some organizations that may
require the retention of back-up copies (e.g. public signature verification keys and authorization
keys). Back-up copies of keying material shall be stored in accordance with the provisions of
Section 6 in order to protect the confidentiality of encrypted information and the integrity of
source authentication, data integrity, and authorization processes.
9.3.2 Key Recovery
There are a number of issues associated with key recovery. An extensive discussion is provided
in Appendix B. Key recovery issues to be addressed include:
1. Which keying material, if any, needs to be backed up or archived for later recovery?
2. Where will backed-up or archived keying material be stored?
3. Who will be responsible for protecting the backed up or archived keying material?
4. What procedures need to be put in place for storing and recovering the keying material?
5. Who can request a recovery of the keying material and under what conditions?
6. Who will be notified when a key recovery has taken place and under what conditions?
7. What audit or accounting functions need to be performed to ensure that the keying material is only provided to authorized entities?
9.3.3 System Redundancy/Contingency Planning
Cryptography is a useful tool for preventing unauthorized access to data and/or resources, but
when the mechanism fails, it can prevent access by valid users to critical information and
processes. Loss or corruption of the only copy of cryptographic keys can deny users access to
information. For example, a locksmith can usually defeat a broken physical mechanism, but