7.9 Policy for cryptographic key management exists and is enforcedΒΆ
Verify that there is an explicit policy for how cryptographic keys are managed (e.g., generated, distributed, revoked, and expired). Verify that this key lifecycle is properly enforced.
Levels: 2, 3