Requirement 3.5.1

Restrict access to cryptographic keys to the fewest number of custodians necessary.