IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
If a key being used is suspected of having been disclosed, its use should be
discontinued and all participants should be informed. Information already
encrypted with this key should be decrypted and encrypted with a different
key.
Destroying keys
Keys which are no longer required (for example keys whose period of validity
has expired) must be deleted in a secure manner or destroyed (for example by
multiple deletion/overwriting and/or mechanical destruction of the data
medium). A general rule is that products with a key filing system that cannot
be controlled should not be used.
Additional controls:
- Has responsibility for encryption management been designated?
- Is the data that needs to be protected transferred separately from the
encryption keys?
- Are the keys in use changed frequently enough?
- Are the keys stored in a secure local environment?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000