Which of the following statements is true whenever a cryptographic key is retired and replaced with a new key?
A . The retired key must not be used for encryption operations.
B . Cryptographic key components from the retired key must be retained for 3 months before disposal.
C . A new key custodian must be assigned.
D . All data encrypted under the retired key must be securely destroyed.
Answer: A
Explanation:
Key Management Requirements:
PCI DSS Requirement 3.6.5 specifies that when a cryptographic key is retired, it must no longer be used for encryption operations but may still be retained for decryption purposes as needed (e.g., to decrypt historical data until it is re-encrypted with the new key).
Secure Key Retirement:
Retired keys should be securely stored or destroyed based on the organization's key management policy to prevent unauthorized access or misuse.
Reference in PCI DSS Documentation:
Section 3.6.5 emphasizes that retired keys must be rendered inactive for further encryption while allowing use for decryption, ensuring data continuity and compliance.