What must all crypto key custodians formally acknowledge?

The essential idea here is accountability for those who hold cryptographic keys. Crypto key custodians must formally acknowledge their responsibilities as custodians, agreeing to protect keys, follow approved usage, and adhere to the organization’s key-management policies. This formal acknowledgment creates a clear, auditable commitment that helps ensure proper handling, access control, and duty separation, which are crucial for safeguarding sensitive cryptographic material. The other options don’t fit because the standard isn’t about a fixed retention period, nor does it authorize sharing keys with developers, and it isn’t limited to storage alone. Custodianship involves more than just storing keys; it includes understanding and accepting the full scope of responsibilities for protecting and using keys appropriately.