Key that has not been encrypted in a system approved by NSA for key encryption or encrypted key in the presence of its associated key encryption key (KEK) or transfer key encryption key (TrKEK). Encrypted key in the same fill device as its associated KEK or TrKEK is considered unencrypted. (RED key is also known as unencrypted key). Such key is classified at the level of the data it is designed to protect. See BLACK data and encrypted key.

Source: CNSSI 4009-2015 | Category: