Skip to Content

9-4 Information Technology Professionals Policy - Section VI: Cryptography Policy

Information Systems Department

VI. Cryptography Policy

This Policy establishes requirements for the use and management of cryptography.

  1. Cryptographic Controls
    Local Information Service Providers must establish standards on the use of cryptography. Controls must include:
    1. Compliance with all relevant agreements, laws or regulations;
    2. A risk assessment to determine the required level of protection; and
    3. Cryptography key management.
      1. Keys must be securely distributed and stored.
      2. Access to keys must be restricted to only those individuals who have a business need to access the keys.

Back to top