3: Authentication
Protect keys and require at least two-party authentication for access to signing certificates. Other Information:
Having encryption and good certificate management is useless against a sophisticated attacker unless measures are taken to
protect those keys. One of the primary measures is two factor authentication. Attackers know to target credential repositories
like Active Directory. Keys should be well protected. Signing certificates should be air-gapped and access to them should
require at least two-party authentication, like in a missile silo.
Indicator(s):
|
