Requirement 3.6.4

Periodic cryptographic key changes

  • As deemed necessary and recommended by the associated application (for example, re-keying); preferably automatically
  • At least annually