This part of the IEC 62351 series specifies cryptographic key management, primarily focused on the management of long-term keys, which are most often asymmetric key pairs, such as certificates and corresponding public/private key pairs. Symmetric key management is also considered but only with respect to session keys for group-based communication as applied in IEC 62351-6. The objective of this standard is to define requirements and technologies to achieve interoperability of key management by specifying or limiting key management options to be used. This part of IEC 62351 assumes that an organization (or group of organizations) has defined a security policy to select the type of keys and cryptographic algorithms that will be utilized, which may have to align with other standards or regulatory requirements. This document therefore specifies only the management techniques for these selected key and cryptography infrastructures. This document assumes that the reader has a basic understanding of cryptography and key management principles. The requirements for the management of pairwise symmetric (session) keys in the context of communication protocols is specified in IEC 62351 parts utilizing or specifying pairwise communication like: " IEC 62351-3 for TLS by profiling the TLS options " IEC 62351-4 for the application layer end-to-end security profiles " IEC 62351-5 for the application layer security mechanism for IEC 60870-5-101/104 and IEEE 1815 (DNP3) This part also defines security events for specific conditions which could identify issues which might require error handling. However, the actions of the organisation in response to these error conditions are beyond the scope of this document and are expected to be defined by the organizations security policy. In the future, as public-key cryptography becomes endangered by the evolution of quantum computers, this document will also consider post-quantum cryptography to a certain extend. Note that at this time being no specific measures are provided.