Part 1: General - Computer Security Resource Center - National ...
March, 2007
access to information encrypted by a strong algorithm may not be practical without the correct
decryption key. The continuity of an organization’s operations can depend heavily on
contingency planning for key management systems that includes a redundancy of critical logical
processes and elements, including key management and cryptographic keys.
9.3.3.1 General Principles
Planning for recovery from system failures is an essential management function. Interruptions of
critical infrastructure services should be anticipated, and planning for maintaining the continuity
of operations in support of an organization’s primary mission requirements should be
accomplished. With respect to key management, the following situations are typical of those for
which planning is necessary:
1. Lost key cards or tokens,
2. Forgotten passwords that control access to keys,
3. Failure of key input devices (e.g., readers),
4. Loss or corruption of the memory media on which keys and/or certificates are stored,
5. Compromise of keys,
6. Corruption of Certificate Revocation Lists (CRL) or Compromised Key Lists (CKLs),
7. Hardware failure of key or certificate generation, registration, and/or distribution systems, subsystems, or components,
8. Power loss requiring re-initialization of key or certificate generation, registration, and/or distribution systems, subsystems, or components,
9. Corruption of the memory media necessary for key or certificate generation, registration, and/or distribution systems, subsystems, or components,
10. Corruption or loss of key or certificate distribution records and/or audit logs,
11. Loss or corruption of association of keying material to the holders/users of the keying material, and
12. Unavailability of older software or hardware that is needed to access keying material or process protected information.
While recovery discussions most commonly focus on the recovery of encrypted data and the
restoration of encrypted communications capabilities, planning should also address 1) the
restoration of access (without creating temporary loss of access protections) where cryptography
is used in access control mechanisms, 2) the restoration of critical processes (without creating
temporary loss of privilege restrictions) where cryptography is used in authorization
mechanisms, and 3) the maintenance/restoration of integrity protection in digital signature and
message authentication applications.
Contingency planning should include 1) providing a means and assigning responsibilities for
rapidly recognizing and reporting critical failures; 2) the assignment of responsibilities and the
placement of resources for bypassing or replacing failed systems, subsystems, and components;
and 3) the establishment of detailed bypass and/or recovery procedures.