During an internal design review of a payment-processing server cluster, an auditor notes that the same Linux administrator can generate, load, and destroy the cryptographic keys used to protect stored cardholder data. The environment must comply with PCI DSS. Which of the following changes will BEST address this regulatory finding?
Implement split knowledge and dual control for all manual cryptographic key operations.
Enforce multifactor authentication and require administrators to change passwords every 60 days.
Enable AES-256 full-disk encryption on each database server that stores cardholder data.
Copy every new encryption key to an off-site, air-gapped tape library immediately after rotation.
PCI DSS requirement 3.6.6 mandates that any manual clear-text key-management activity be performed with split knowledge and dual control. Under this model, the key is broken into components that are controlled by at least two separate, authorized custodians, ensuring no single person ever has complete access to the cryptographic material. Implementing this control satisfies the auditor's observation and the specific regulatory constraint. Although full-disk encryption, frequent administrator password changes, and off-site key backups are valuable security measures, none of them directly fulfill PCI DSS's explicit dual-control requirement for key management.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is split knowledge and dual control in cryptographic key management?
Open an interactive chat with Bash
Why does PCI DSS require split knowledge and dual control for manual cryptographic key operations?
Open an interactive chat with Bash
How does split knowledge and dual control differ from other key management practices?