Sample Encryption Standard: Difference between revisions
==Sample Encryption Standard==
This Encryption Standard builds on the objectives established in the Asset Protection Standard, and provides specific instructions and requirements for the encryption of sensitive information assets.
==Objectives==
# '''General Requirements'''
## Encryption shall be used to protect the confidentiality and integrity of sensitive Company information assets in accordance with the Information Handling Standard and the Integrity Protection Standard.
## The use of Company-approved encryption shall be governed in accordance with the laws of the country, region, or other regulating entity in which Users perform their work. Encryption shall not be used to violate any laws or regulations.
## The Chief Administrative Officer (CAO) must approve all Company encryption processes before they are used.
## Encryption keys are considered sensitive Company information and access to them must be restricted on a need-to-know basis.
## Any potential or actual compromise of a User's encryption key must be reported to Lazarus Alliance, LLC. Information Security immediately, and in any case within twenty-four (24) hours of discovery, so that the certificate may be revoked.
# '''Message Digest Algorithms'''
## The following are Company-approved message digest algorithms:
### SHA-1 with 128-bit or 160-bit key
### SHA-2 with 224-bit, 256-bit, 384-bit, or 512-bit key
# '''Symmetric Key Algorithms'''
## The following are Company-approved symmetric block cipher algorithms:
### AES
### CAST5 (using a 128-bit key)
### Triple-DES
## Exceptions:
### Authorized for usage in currently deployed production systems as of September 12, 2013. Grandfathered systems and applications will remain until the system is replaced or the encryption algorithm is updated to an approved level and the system or application is removed from exception status.
### As of May 2010, 3DES is still authorized by Visa and the other members of the PCI consortium. Key size options are 56, 122, and 168 bits. 168-bit keys should be promoted where 3DES is used instead of AES.
## Prior to using encryption with any of the Company-approved symmetric encryption algorithms, the encryption key must be provided to Information Security to ensure appropriate Company representatives can retrieve information should the need arise.
## Symmetric keys should be generated and handled in accordance with Company password standards established in the Access Control Standard.
# '''Public Key Algorithms'''
## The following are Company-approved public-key algorithms:
### [RSA with 1024-bit or stronger key]
## Public key encryption packages must use Corporate Signing Keys or Additional Decryption Keys to ensure the Company can retrieve the encrypted information should the need arise.
## Temporary session keys used by public key cryptosystems such as Virtual Private Networks (VPN) are exempt from escrow.
## Users shall not extend trust to non-Company public keys without approval of Lazarus Alliance, LLC. Information Security.
## Public keys should be generated and handled in accordance with Company password standards established in the Access Control Standard.
## Public key pass-phrases should contain more than one word and a minimum of ten (10) total characters.
<br>
==Document Examples==
Use these samples as a guide for your policy development. Fully customizable versions are available from [http://policy-machine.com The Policy Machine].<br>
<br>
<gallery> | |||
Image:Encryption Standard.png|Encryption Standard page one of eight. | |||
Image:Encryption Standard(1).png|Encryption Standard page two of eight | |||
Image:Encryption Standard(2).png|Encryption Standard page three of eight | |||
Image:Encryption Standard(3).png|Encryption Standard page four of eight | |||
Image:Encryption Standard(4).png|Encryption Standard page five of eight | |||
Image:Encryption Standard(5).png|Encryption Standard page six of eight | |||
Image:Encryption Standard(6).png|Encryption Standard page seven of eight | |||
Image:Encryption Standard(7).png|Encryption Standard page eight of eight. | |||
</gallery>
Latest revision as of 15:12, 21 January 2014