When to use this
Use this register to track cryptographic keys, owners, purpose, storage, lifecycle dates, rotation, revocation, and destruction.
Related controls
- A.8.24 Use of Cryptography
- Cryptographic Controls Policy
- Key Escrow and Emergency Recovery Checklist
Key register
| Key ID/name | Key type | Purpose | Owner | Storage/protection | Created | Expiry/rotation | Escrow? | Revoked/destroyed? | Evidence |
|---|---|---|---|---|---|---|---|---|---|
| TBD | Secret / Private / Public | TBD | TBD | KMS / HSM / vault / other | TBD | TBD | Yes/No | Yes/No | TBD |
Minimum checks
- Key owner identified.
- Key purpose documented.
- Storage/protection method approved.
- Rotation/expiry date defined.
- Revocation/destruction process defined.
- Escrow or recovery need assessed.
- Template
- Iso27001
- Technological controls
- Key management
Note Metadata
Aliases: Key Management Register
Source: 90 Templates/Cryptographic Key Management Register.md
Related Notes
- A.8.24 Audit Evidence Pack
- ISO 27001 A.8.24 - Use of Cryptography
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.24 Audit Checklist
- Cryptographic Controls Policy
- Key Escrow and Emergency Recovery Checklist
- Templates MOC