Title

The remote user will back up and store the private encryption key in a secure location. (Cat II impact)

Discussion

If the encryption key is lost, the data will be nonrecoverable.

Check Content

Interview a sampling of remote users to verify that they store a copy of the private encryption key in a secure location (e.g., floppy disk, CD, etc.). If they do not follow this procedure, ask if they were trained on this requirement and examine the sites remote user agreement or training documentation for a description of this procedure. If the user is does not have a back up of the private key, this is a finding. If users are not available for interview and this requirement is not addressed in either user training or user access agreement, this is a finding.

Fix Text

Develop and implement a process to ensure a backup of the encryption key is stored in a secure location.

Additional Identifiers

Rule ID: SV-6817r1_rule

Vulnerability ID: V-6669

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.