Key management strictly adheres to the OWASP guidelines.

Key Access

All encryption keys must be protected in such a way that only authorized users and applications may access the keys.  The media used to store the keys must be physically distinct from the media protected by the keys themselves.

Disaster Recovery Testing

Key recovery shall be a required component of any DR testing plan.

Key Lifecycle

The key lifecycle is summarized as follows:

  • Key (Pair) Generation
  • Distribution
  • Usage
  • Termination

There is no archival or backup phase of the ZUAR key management cycle.