Part 1: General - Computer Security Resource Center - National ...
March, 2007
Management Specification shall identify where human and automated tracking actions are
required and where two-person integrity is required, if applicable. Section 9.1 of this
recommendation provides accountability guidance.
10.2.9 Compromise Management and Recovery
This section of the Key Management Specification should address any support for the
restoration of protected communications in the event of the compromise of keying material used
by the cryptographic device/application. The recovery process description should include the
methods for re-keying. For PKI cryptographic applications, the implementation of Certificate
Revocation Lists (CRLs) and Compromised Key Lists (CKLs) should be detailed. For system
specifications, a description of how certificates will be reissued and renewed within the
cryptographic application should also be included. General compromise recovery guidance is
provided in Section 9.3.4 of this recommendation.
10.2.10 Key Recovery
This section of the Key Management Specification describes product support or system
mechanisms for effecting key recovery. Key recovery addresses how unavailable encryption
keys can be recovered. System developers should include a discussion of the generation, storage,
and access for long-term storage keys in the key recovery process description. The process of
transitioning from the current to future long-term storage keys should also be included. General
contingency planning guidance is provided in Section 9.3.3 of this recommendation. Key
recovery is treated in detail in Appendix B, Key Recovery.