9-4 Information Technology Professionals Policy - Section VI: Cryptography Policy
What’s on this Page
Section VI: Cryptography Policy
VI. Cryptography Policy
This Policy establishes requirements for the use and management of cryptography.
- Cryptographic Controls
Local Information Service Providers must establish standards on the use of cryptography. Controls must include:
- Compliance with all relevant agreements, laws or regulations;
- A risk assessment to determine the required level of protection; and
- Cryptography key management.
- Keys must be securely distributed and stored.
- Access to keys must be restricted to only those individuals who have a business need to access the keys.