Part 1: General - Computer Security Resource Center - National ...
March, 2007

the KRI when required. It is the responsibility of the organization that needs to provide key recovery to ensure that the Key Recovery Policy, the key recovery methodology, and the Key Recovery System adequately protect the KRI.

A KRS should:

1. Generate or provide sufficient KRI to allow recovery or verification of protected information.
2. Ensure the validity of the saved key and the other KRI.
3. Ensure that the KRI is stored with persistence and availability that is commensurate with that of the corresponding cryptographically protected data.
4. Any cryptographic modules used by the KRS shall be compliant with [FIPS140-2].
5. The KRS shall use FIPS-Approved or NIST recommended algorithms, when cryptography is used.
6. The strength of any algorithms used to protect KRI shall be commensurate with the sensitivity of the information associated with the KRI.
7. The KRS shall be designed to enforce the Key Recovery Policy (see Section B.5).
8. The KRS shall protect KRI against unauthorized disclosure or destruction. The KRS shall verify the source of requests and ensure that only requested and authorized information is provided to the requestor.
9. The KRS shall protect the KRI from modification.
10. The KRS shall have the capability of providing an audit trail. The audit trail shall not contain the keys that are recovered or any passwords that may be used by the system. The audit trail should include the identification of the event being audited, the time of the event, the identifier of the user causing the event, and the success or failure of the event.
11. The KRS shall limit access to the KRI, the audit trail and authentication data to authorized individuals.
12. It should not be possible to modify the audit trail.
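
An added example, not part of the NIST text: an audit trail that records the four fields item 10 names, refuses entries carrying keys or passwords, and chains records by hash so that a modification (item 12) is detectable. The field names, the forbidden-name list and the choice of a SHA-256 hash chain are assumptions of this example, not requirements stated in the document.

```python
import hashlib
import json

# Detail field names that must never reach the audit trail (item 10).
# Hypothetical list; only top-level detail names are checked.
FORBIDDEN = {"key", "recovered_key", "password", "passphrase", "pin"}
GENESIS = "0" * 64


def _digest(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_event(trail: list, event: str, time: str, user: str,
                 success: bool, **details) -> dict:
    """Append one record carrying the four fields item 10 names."""
    # Reject the entry before anything secret is written to the trail.
    leaked = FORBIDDEN & {k.lower() for k in details}
    if leaked:
        raise ValueError(f"refusing to log secret field(s): {sorted(leaked)}")
    body = {"event": event, "time": time, "user": user, "success": success,
            "details": details,
            "prev": trail[-1]["hash"] if trail else GENESIS}
    record = dict(body, hash=_digest(body))
    trail.append(record)
    return record


def verify_trail(trail: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, record in enumerate(trail):
        body = {k: v for k, v in record.items() if k != "hash"}
        if body["prev"] != prev or _digest(body) != record["hash"]:
            return i
        prev = record["hash"]
    return -1


if __name__ == "__main__":
    # Constructed sample events, not taken from any real KRS.
    trail = []
    append_event(trail, "KEY_RECOVERY_REQUEST", "2007-03-01T10:00:00Z", "alice", True, key_id="k-17")
    append_event(trail, "KEY_RECOVERY_RELEASE", "2007-03-01T10:05:00Z", "kra-2", True, key_id="k-17")
    print(verify_trail(trail))      # -1: chain intact
    trail[0]["user"] = "mallory"    # simulate an edit to a stored record
    print(verify_trail(trail))      # 0: first record no longer matches its hash
```

A hash chain only makes edits detectable when the most recent hash is also held somewhere the trail's writer cannot alter; without that anchor, someone with write access could recompute the whole chain or drop trailing records.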

B.5 Key Recovery Policy

For each system, application and cryptographic technique used, consideration shall be given as to whether or not the keying material may need to be saved for later recovery of the keying material to allow subsequent decryption or checking of the information protected by the keying material. An organization that determines that key recovery is required for some or all of their keying material should develop a Key Recovery Policy that addresses the protection and continued accessibility of that information³⁵ (see [DOD-KRP]). The policy should address (at a minimum):

1. The keying material that needs to be saved for a given application. For example, keys and IVs used for the decryption of stored information protected by the keys and IVs may need

³⁵ An organization’s key recovery policy may be included in its PKI Certificate Policy.