Aspects
1
Controls
3
Requirements
3
| Aspect ID | Aspect Name | Control ID | Control Name | Requirement ID | Requirement | Level |
|---|---|---|---|---|---|---|
| 1.04 | Key Material Access | 1.04.1 | Grant/Revoke Documentation | 1.04.1.1 | The entity maintains checklists that cover all tasks that are completed when personnel vacate or transition into key holder roles within the entity. These checklists have been reviewed by knowledgeable personnel to ensure 'least privilege principles' are applied to the system, as well as necessary access where required. | Level I |
| 1.04 | Key Material Access | 1.04.2 | Approved Communication Channel | 1.04.2.1 | All key holder grant/revoke requests are conducted over Approved Communication Channels. | Level II |
| 1.04 | Key Material Access | 1.04.3 | Grant/Revoke Audit Trail | 1.04.3.1 | The entity's checklists include auditing information that record the identity of personnel that perform the grant/revoke operations. Each entry within the audit trail is attested to by personnel who performed that task. | Level III |
Page 1 of 1