Most orgs these days perform key rotation at least annually. However, what about key disposal?
Key disposal should go hand in hand with the disposition periods in one's retention policy, though seven (7) years is an answer if one does not have a retention policy.
Just remember how different the technology landscape was in 2009? Yeah, seven should do, predicated on the data classification...