Financial Data Encryption Audit

finserv-encryption · v1.1.0 · paid

Evaluates data-at-rest and data-in-transit encryption, key management, certificate handling, algorithm selection, and PCI-DSS encryption requirements.

Data-at-Rest Encryption

data-at-rest · weight 0.3

All sensitive financial data encrypted at rest using AES-256+
ab-001417
critical
Database TDE or column-level encryption for sensitive fields
ab-001418
high
Encrypted backups verified semi-annually
ab-001419
medium
Key backup/DR procedures tested
ab-001420
low

Data-in-Transit Encryption

data-in-transit · weight 0.3

All financial data transmissions use TLS 1.2+
ab-001421
critical
Certificate validation for payment processor API endpoints
ab-001422
high
Payment gateway uses cert-based auth, not API keys in URLs
ab-001423
medium

Key Management

key-management · weight 0.25

Encryption keys stored separately from data in dedicated KMS
ab-001424
high
Key rotation enforced annually
ab-001425
high
Algorithm selection justified against NIST
ab-001426
high
Key access logs audited quarterly
ab-001427
medium

PCI Encryption Alignment

pci-alignment · weight 0.15

PCI-DSS encryption documented with AES-256 minimum
ab-001428
medium
Encryption strength verified via scan tools
ab-001429
low
PII excluded from application logs
ab-001430
low
Documentation of algorithms/key lengths/ciphers
ab-001431
low
Encryption performance benchmarked for latency SLAs
ab-001432
low
Dev/staging use different keys than prod
ab-001433
low
Third-party crypto libs pinned to audited versions
ab-001434
info
Encryption checklist signed off pre-deployment
ab-001435
info
Legacy data migration plan for re-encryption
ab-001436
info