[PCI DSS 3.0] 3.6.7 Prevention of unauthorized substitution of cryptographic keys.

3.6.7.a Verify that key-management procedures specify processes to prevent unauthorized substitution of keys.

3.6.7.b Interview personnel and/or observe processes to verify that unauthorized substitution of keys is prevented.

The encryption solution should not allow for or accept substitution of keys coming from unauthorized sources or unexpected processes.