To protect the keys used by Guardium, provide a more secure keystore option, either:
an external keystore (such as an HSM), or
a passkey-encrypted keystore file, with the password stored in CyberArk.
If neither of the above is technically feasible, the following requirements must be met:
The passkey used for Passkey-Based Encryption (PBE; conventionally password-based encryption, as in PKCS #5) must meet the following length and complexity requirements:
a. Information classified as Confidential or higher that relates to a single customer and is sent to that customer (including eStatements): minimum 8 alphanumeric characters, including at least one upper-case and one lower-case letter. Where character case is not supported, minimum 9 alphanumeric characters.
b. All other instances of Information classified as Confidential or higher, including information relating to multiple customers or individuals: minimum 18 alphanumeric characters, including at least one upper-case and one lower-case letter. Where character case is not supported, minimum 21 alphanumeric characters.
c. Restricted Information: minimum 19 alphanumeric characters, including at least one upper-case and one lower-case letter. Where character case is not supported, minimum 22 alphanumeric characters.
i. PBE may be used to protect Restricted Information only when a key-based or certificate-based encryption method is not technically feasible.
d. Legacy solutions already in production that use randomly generated passkeys of at least 6 alphanumeric characters are grandfathered until migration to next-generation technology or to a major application/software version.
e. A passkey that is distributed unencrypted must be sent over a channel that is not used to distribute the PBE-encrypted data (e.g., if the PBE-encrypted data is sent by email, the unencrypted passkey must be distributed over a non-email channel).
f. If persistently stored, the passkey used for PBE must be protected from unauthorized access through logical access controls or equivalent controls.