9-4 Information Technology Professionals Policy - Section VI: Cryptography Policy
Return to Information Technology Professionals Policy Table of Contents
What’s on this Page
Section VI: Cryptography Policy
Read next: Section VII: Information Systems Acquisition, Development and Maintenance Policy
VI. Cryptography Policy
This Policy establishes requirements for the use and management of cryptography.
- Cryptographic Controls
Local Information Service Providers must establish standards on the use of cryptography. Controls must include:- Compliance with all relevant agreements, laws or regulations;
- A risk assessment to determine the required level of protection; and
- Cryptography key management.
- Keys must be securely distributed and stored.
- Access to keys must be restricted to only those individuals who have a business need to access the keys.