[PCI-DSS] 3.6.5 Retirement or replacement of old or suspected compromised cryptographic keys
3.6.5.a Verify that key-management procedures are implemented to require the retirement of old keys (for example: archiving, destruction, and revocation as applicable).
3.6.5.b Verify that the key-management procedures are implemented to require the replacement of known or suspected compromised keys.