The article describes about the clause 10 of the ISMS Framework i.e - Cryptography , various cryptographic standards.

1. iFour ConsultancyISMS Framework: Clause 10 – Cryptography

2.  ISO 27001:2013 has classified the Cryptography into:
Clause A.10.1: Cryptographic controls
Cryptography – ISMS Requirements

3.  To ensure proper and effective use of cryptography to protect the confidentiality,
authenticity and/ or integrity of information.
Clause A.10.1: Cryptographic controls
A.10.1.1 Policy on the use o f cryptographic controls
A.10.1.2 Key Management

4. Cryptographic controls will be used to achieve the three (3) following security objectives :
Clause A.10.1: Cryptographic controls
Using digital signatures or message authentication codes to protect the authenticity and integrity of stored or
transmitted sensitive or critical information;
Using cryptographic techniques to obtain proof of the occurrence or non-occurrence of an event or action.
Using encryption of information to protect sensitive or critical information either stored or transmitted

5. There should be a policy on the use of encryption, plus cryptographic authentication and
integrity controls such as digital signatures and message authentication codes, and
cryptographic key management.
A.10.1.1 Policy on the use o f cryptographic controls
• A policy on the use of cryptographic controls for protection of information shall be developed and
implemented.

6. Key management is the management of cryptographic keys in a cryptosystem
This includes dealing with the generation, exchange, storage, use, and replacement of keys
Cryptographic systems may use different types of keys - symmetric keys or asymmetric keys.
A.10.1.2 Key Management
• A policy on the use, protection and lifetime of cryptographic keys shall be developed and
implemented through their whole lifecycles.

7. In a symmetric key algorithm the keys involved are identical for both encrypting and
decrypting a message. Keys must be chosen carefully, and distributed and stored securely.
A.10.1.2 Key Management
Asymmetric keys, in contrast, are two distinct keys that are mathematically linked. They are
typically used in conjunction to communicate.

8. Generating keys for different cryptographic systems and different applications;
Generating and obtaining public key certificates;
Distributing keys to intended users, including how keys should be activated when received;
Storing keys, including how authorized users obtain access to keys; changing or updating keys including rules on when keys
should be changed and how this will be done;
Recovering keys that are lost or corrupted as part of business continuity management
Archiving keys, e.g. for information archived or backed up;
Destroying keys
A.10.1.2 Key Management

9. Cryptography Standards
Encryption standards
Hash standards
Digital signature standards
Public-key infrastructure (PKI) standards
Wireless Standards
U.S. Government Federal Information Processing Standards (FIPS)
Internet Requests for Comments (RFCs)
• There are number of standards related to Cryptography like :

10.  https://en.wikipedia.org/wiki/Cryptography_standards
 https://en.wikipedia.org/wiki/Key_management
References

11. Visit our websites :
 http://www.ifour-consultancy.com
 http://www.ifourtechnolab.com
For more details :