Key management strictly adheres to the OWASP guidelines.
Key Access
All encryption keys must be protected in such a way that only authorized users and applications may access the keys. The media used to store the keys must be physically distinct from the media protected by the keys themselves.
Disaster Recovery Testing
Key recovery shall be a required component of any DR testing plan.
Key Lifecycle
The key lifecycle is summarized as follows:
- Key (Pair) Generation
- Distribution
- Usage
- Termination
There is no archival or backup phase of the ZUAR key management cycle.