Cryptographic controls Security Audit Checklist
Cryptographic controls Security Audit Checklist
Clause 12.3 ISO 17025
1. Policy on use of cryptographic controls
• Whether the organization has Policy on use of cryptographic controls for protection of information.
• Whether the policy is successfully implemented.
• Whether the cryptographic policy does consider the management approach towards the use of cryptographic controls, risk assessment results to identify required level of protection, key management methods and various standards for effective implementation.
2. Key Management
• Whether key management is in place to support the organizations use of cryptographic techniques.
• Whether cryptographic keys are protected against modification, loss, and destruction.
• Whether secret keys and private keys are protected against unauthorized disclosure.
• Whether equipments used to generate, store keys are physically protected.
• Whether the Key management system is based on agreed set of standards, procedures and secure methods.
Related documents
Advertisement
Sponsor sites:
1. Phrases For Performance Appraisals.
2. Interview questions and answers.
This entry was posted
on Wednesday, November 25th, 2009 at 4:52 am and is filed under ISO 27001 checklist.
You can leave a response, or trackback from your own site.
