9-4 Information Technology Professionals Policy - Section VI: Cryptography Policy

Return to Information Technology Professionals Policy Table of Contents

What’s on this Page

Section VI: Cryptography Policy

Read next: Section VII: Information Systems Acquisition, Development and Maintenance Policy

This Policy establishes requirements for the use and management of cryptography.

1. Cryptographic Controls
   Local Information Service Providers must establish standards on the use of cryptography. Controls must include:
   1. Compliance with all relevant agreements, laws or regulations;
   2. A risk assessment to determine the required level of protection; and
   3. Cryptography key management.
      1. Keys must be securely distributed and stored.
      2. Access to keys must be restricted to only those individuals who have a business need to access the keys.

Back to top