Family behaviour
Cryptographic keys must be managed throughout their life cycle. This family is intended to support that lifecycle and consequently defines requirements for the following activities: cryptographic key generation, cryptographic key distribution, cryptographic key access and cryptographic key destruction. This family should be included whenever there are functional requirements for the management of cryptographic keys.
Component levelling
FCS_CKM.1 Cryptographic key generation requires cryptographic keys to be generated in accordance with a specified algorithm and key sizes which can be based on an assigned standard.
FCS_CKM.2 Cryptographic key distribution requires cryptographic keys to be distributed in accordance with a specified distribution method which can be based on an assigned standard.
FCS_CKM.3 Cryptographic key access requires access to cryptographic keys to be performed in accordance with a specified access method which can be based on an assigned standard.
FCS_CKM.4 Cryptographic key destruction requires cryptographic keys to be destroyed in accordance with a specified destruction method which can be based on an assigned standard.
Management: FCS_CKM.1, FCS_CKM.2, FCS_CKM.3, FCS_CKM.4
The following actions could be considered for the management functions in FMT:
a) the management of changes to cryptographic key attributes. Examples of key attributes include user, key type (e.g. public, private, secret), validity period, and use (e.g. digital signature, key encryption, key agreement, data encryption).
Audit: FCS_CKM.1, FCS_CKM.2, FCS_CKM.3, FCS_CKM.4
The following actions should be auditable if FAU_GEN Security Audit Data Generation is included in the PP/ST:
a) Minimal: Success and failure of the activity.
b) Basic: The object attribute(s), and object value(s) excluding any sensitive information (e.g. secret or private keys).