Cryptographic key management processes, and supporting cryptographic key management procedures, are developed, implemented and maintained.
Topic
Cryptographic key management processes and procedures
Applicable to
all
History
Priority
should
Dec 2022
Cryptographic key management processes, and supporting cryptographic key management procedures, are developed, implemented and maintained.
Existing controls relating to the development and implementation of cyber security documentation were amended to ensure documentation is maintained throughout its lifetime.
Jun 2022
Cryptographic key management processes, and supporting cryptographic key management procedures, are developed and implemented.
The ISM previously recommended the use of key management plans. This recommendation was reintroduced and amended to cover the development and implementation of cryptographic key management processes and procedures for all systems that employ cryptography. Note, specific requirements for cryptographic key management involving High Assurance Cryptographic Equipment (HACE) are covered by the ACSC’s suite of Australian Communications Security Instruction (ACSI) publications.
Nov 2018
Removed
Removed due to being covered by an ACSI.
2017
Agencies should develop a KMP when they implement a cryptographic system usingcryptographic equipment.
Control Added. No public explaination.
2010
Agencies should develop a KMP when they have implemented a cryptographic system using commercialgrade cryptographic equipment.
2008
Agencies should develop a KMP when they have implemented a cryptographic system.