As the CISO, you have been tasked with the execution of the company's key management program. You MUST ensure the integrity of encryption keys at the point of generation. Which principal of encryption key control will ensure no single individual can constitute or re-constitute a key?
Split knowledge is the principle that ensures that no single individual can constitute or re-constitute a key. It requires that key components are divided among multiple parties, and that no party independently has enough information to recreate the entire key. This ensures the integrity and security of the encryption keys at the point of generation.
The answer is "C". The person given reference should have read this own reference doocument. It clearly says that Split Knowledge is needed to constitute and re constitute keys
Dual Control means that no one person should be able to manage your encryption keys. Creating, distributing, and defining access controls should require at least two individuals working together to accomplish the task. ---- Split Knowledge applies to the manual generation of encryption keys, or at any point where encryption keys are available in the clear. More than one person should be required to constitute or re-constitute a key in this situation. Seems A the right answer
Answer is C: Split Knowledge
A or C?
Split Knowledge applies to the manual generation of encryption key
Generation point here is key
When we look at the definition of split knowledge and dual control, dual control means that it takes more than one individual to create this key rotation ceremony. When we look at split knowledge, it says that when we create the key, no one individual has any knowledge of the resulting key.
Reference: NIST Special Publication 800-57 Part 1 Rev. 5: Recommendation for Key Management – Part 1: General "Split knowledge is a condition under which two or more parties separately have key components that individually convey no knowledge of the resultant cryptographic key. Only when combined can the key be reconstituted."