E.3.8 Key rotation

Control Details

Objective

Limit the impact if a key is compromised.

Definition

Have a key rotation policy to ensure that a compromised key will cease to be usable after a defined period. If a private key is known to have been compromised, revoke and replace it immediately to shut off access.
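The two halves of this control, scheduled expiry after a fixed period and immediate revocation on compromise, can be enforced by the verifier rather than left to procedure. The following is an added example written for this page, not code from the referenced CNCF or SSC material: it uses HMAC-SHA256 keys as a stand-in for private keys, a `KeyRing` class with an injectable clock (both assumptions of the example), a 30-day `max_age`, and a constructed start date so the rotation window can be walked deterministically. Older keys remain verifiable until they age out, so signatures made just before a scheduled rotation still check, but a revoked key is refused at once regardless of age.

```python
"""Key rotation and revocation demo (added example; HMAC keys stand in for private keys)."""
import hmac
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional, Tuple


@dataclass
class SigningKey:
    key_id: str
    secret: bytes
    created_at: datetime
    revoked: bool = False


class KeyRing:
    """Enforces the control: keys stop being usable after max_age and can be revoked at once."""

    def __init__(self, max_age: timedelta,
                 now: Optional[Callable[[], datetime]] = None) -> None:
        self.max_age = max_age
        # Injectable clock (assumption of the example) so expiry can be tested offline.
        self._now = now or (lambda: datetime.now(timezone.utc))
        self._keys: Dict[str, SigningKey] = {}
        self._active_id: Optional[str] = None

    def rotate(self) -> str:
        """Generate a fresh key and make it the active signing key.

        Older keys stay verifiable until they reach max_age, so signatures
        produced just before a scheduled rotation keep working during the overlap."""
        key = SigningKey(key_id=secrets.token_hex(8),
                         secret=secrets.token_bytes(32),
                         created_at=self._now())
        self._keys[key.key_id] = key
        self._active_id = key.key_id
        return key.key_id

    def revoke(self, key_id: str) -> None:
        """Immediate revocation: refused for signing and verification from now on."""
        self._keys[key_id].revoked = True
        if self._active_id == key_id:
            self._active_id = None

    def is_usable(self, key_id: str) -> bool:
        key = self._keys.get(key_id)
        if key is None or key.revoked:
            return False
        return self._now() - key.created_at < self.max_age

    def rotation_due(self) -> bool:
        """True when there is no active key or the active key has aged out."""
        return self._active_id is None or not self.is_usable(self._active_id)

    def sign(self, message: bytes) -> Tuple[str, str]:
        if self.rotation_due():
            raise RuntimeError("no usable active key; rotate before signing")
        key = self._keys[self._active_id]
        tag = hmac.new(key.secret, message, hashlib.sha256).hexdigest()
        return key.key_id, tag

    def verify(self, key_id: str, message: bytes, tag: str) -> bool:
        """Reject unknown, revoked, or aged-out keys before even checking the MAC."""
        if not self.is_usable(key_id):
            return False
        expected = hmac.new(self._keys[key_id].secret, message, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Walk the rotation window and a revocation with a fixed clock; returns the outcomes."""
    clock = {"t": datetime(2024, 1, 1, tzinfo=timezone.utc)}   # constructed start time
    ring = KeyRing(max_age=timedelta(days=30), now=lambda: clock["t"])
    kid1 = ring.rotate()
    _, tag1 = ring.sign(b"release-artifact-v1")
    out = {"fresh_verifies": ring.verify(kid1, b"release-artifact-v1", tag1)}
    kid2 = ring.rotate()                                        # scheduled rotation
    out["old_key_still_verifies_in_window"] = ring.verify(kid1, b"release-artifact-v1", tag1)
    _, tag2 = ring.sign(b"release-artifact-v1b")
    ring.revoke(kid2)                                           # kid2 reported compromised
    out["revoked_rejected_immediately"] = ring.verify(kid2, b"release-artifact-v1b", tag2)
    out["rotation_due_after_revocation"] = ring.rotation_due()
    clock["t"] += timedelta(days=31)                            # past max_age for kid1
    out["old_key_rejected_after_max_age"] = ring.verify(kid1, b"release-artifact-v1", tag1)
    kid3 = ring.rotate()
    _, tag3 = ring.sign(b"release-artifact-v2")
    out["new_key_signs"] = ring.verify(kid3, b"release-artifact-v2", tag3)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The design point is that `verify` consults key state (age, revocation) before the MAC comparison, so a policy decision is enforced wherever signatures are checked, and `sign` refuses to operate once the active key has aged out or been revoked, which forces rotation rather than silently extending a key's life.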

Assessment Questions

  1. What is your key rotation policy?

Reference sources

  1. CNCF-SSC A-CE Build in a system for rotating and revoking private keys SC-SA: Have a key rotation policy