SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT
Page last updated:
It is a deployer responsibility to define all cryptographic key management policies and procedures. PCF satisfies all implied technical control requirements. For all PCF releases v1.12.0 and above, all certificates and keys in the environment can be rotated by the deployer, including the “non-configurable” certificates in Ops Manager. Procedures exist explaining how to rotate keys for Ops Manager and IPsec.
Rotation of the Cloud Controller mysql database key is supported in releases after v2.2.
More information on cryptographic key management is available on the following pages:
- IPsec credential management
- Ops Manager credential management
- CredHub Overview
- CredHub in PCF
- CredHub for Tile Developers
The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction].
Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems.