- Is encryption used to secure critical data?
- Is the critical data encrypted in all the locations where it is stored?
Yes. The encryption algorithm is AES with 256-bit keys.
- What are the keys used in encryption?
The following keys are used:
- A data encryption key (DEK) is used to encrypt the data
- A master encryption key (MEK) is used to encrypt the DEK
How is the DEK generated?
It is randomly generated by the application without any intervention by human users.
Are we splitting the MEK?
Yes. The MEK is split into two key components and distributed to two key custodians. Neither custodian has full knowledge of the key on their own.
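One way to implement the random key generation and two-custodian split described above, as an added example rather than the application's own code. It assumes a two-component XOR split and an HMAC-based check value, neither of which the page specifies; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # 256-bit key, matching the AES 256 stated above


def generate_key() -> bytes:
    """Draw a key from the OS CSPRNG, with no human-chosen input."""
    return secrets.token_bytes(KEY_LEN)


def check_value(key: bytes) -> str:
    """Short fingerprint for confirming a key without revealing it.
    Assumption: HMAC-SHA256 over a fixed label, truncated to 6 hex digits."""
    return hmac.new(key, b"mek-check", hashlib.sha256).hexdigest()[:6]


def split_key(mek: bytes) -> tuple[bytes, bytes]:
    """Split the MEK into two components, one per custodian.
    Component A is pure random and B = MEK xor A, so either one
    alone is statistically independent of the MEK."""
    if len(mek) != KEY_LEN:
        raise ValueError("MEK must be 32 bytes")
    comp_a = secrets.token_bytes(KEY_LEN)
    comp_b = bytes(m ^ a for m, a in zip(mek, comp_a))
    return comp_a, comp_b


def combine_key(comp_a: bytes, comp_b: bytes, expected_check: str) -> bytes:
    """Rebuild the MEK from both components and reject a wrong or
    mistyped component by comparing the check value."""
    if len(comp_a) != KEY_LEN or len(comp_b) != KEY_LEN:
        raise ValueError("each component must be 32 bytes")
    mek = bytes(a ^ b for a, b in zip(comp_a, comp_b))
    if not hmac.compare_digest(check_value(mek), expected_check):
        raise ValueError("check value mismatch: component entered incorrectly")
    return mek


if __name__ == "__main__":
    mek = generate_key()
    a, b = split_key(mek)
    print("check value:", check_value(mek))
    print("recombined OK:", combine_key(a, b, check_value(mek)) == mek)
```

The check value is recorded when the key is created, so that a later key-loading ceremony can confirm both custodians entered their components correctly without either of them seeing the full MEK.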
How are the keys being stored?
The keys are stored in the following formats:
- The DEK is stored in a key file format in the database server
- The MEK is stored in the key file format in the application server
Is there a Key Management Policy?
Yes. There is a thorough policy on Key Management, with a specific module to ensure modification of the keys as and when required. Retired keys are deleted in a secure manner so that they cannot be reconstructed.
Does the CDE have a separate firewall?
Yes. It monitors the traffic on the following paths:
- Between the internet and the web server/merchant applications
- Between the web server/merchant applications and the App server
- Between the application server and the database server