SlideShare a Scribd company logo

Acceptable encryption policy

Download as DOC, PDF
R
Richard Thompson
TechnologyEducation
1 of 1
Acceptable Encryption Policy Created by or for the SANS Institute. Feel free to modify or use for your organization. If you have a policy to contribute, please send e-mail to stephen@sans.edu 1.0 Purpose The purpose of this policy is to provide guidance that limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively. Additionally, this policy provides direction to ensure that Federal regulations are followed, and legal authority is granted for the dissemination and use of encryption technologies outside of the United States. 2.0 Scope This policy applies to all <Company Name> employees and affiliates. 3.0 Policy Proven, standard algorithms such as DES, Blowfish, RSA, RC5 and IDEA should be used as the basis for encryption technologies. These algorithms represent the actual cipher used for an approved application. For example, Network Associate's Pretty Good Privacy (PGP) uses a combination of IDEA and RSA or Diffie- Hellman, while Secure Socket Layer (SSL) uses RSA encryption. Symmetric cryptosystem key lengths must be at least 56 bits. Asymmetric crypto-system keys must be of a length that yields equivalent strength. <Company Name>’s key length requirements will be reviewed annually and upgraded as technology allows. The use of proprietary encryption algorithms is not allowed for any purpose, unless reviewed by qualified experts outside of the vendor in question and approved by InfoSec. Be aware that the export of encryption technologies is restricted by the U.S. Government. Residents of countries other than the United States should make themselves aware of the encryption technology laws of the country in which they reside. 4.0 Enforcement Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. 5.0 Definitions Term Definition Proprietary Encryption An algorithm that has not been made public and/or has not withstood public scrutiny. The developer of the algorithm could be a vendor, an individual, or the government. Symmetric Cryptosystem A method of encryption in which the same key is used for both encryption and decryption of the data. Asymmetric Cryptosystem A method of encryption in which two different keys are used: one for encrypting and one for decrypting the data (e.g., public-key encryption). 6.0 Revision History

Recommended

Staying Out of the Crosshairs
Staying Out of the CrosshairsStaying Out of the Crosshairs
Staying Out of the Crosshairs
JoAnna Cheshire
 
Respond to the following in a minimum of 175 words security req
Respond to the following in a minimum of 175 words security reqRespond to the following in a minimum of 175 words security req
Respond to the following in a minimum of 175 words security req
SHIVA101531
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
justyogesh
 
Ceh3
Ceh3Ceh3
Ceh3
ChandiniChandran
 
Data Loss Prevention with WatchGuard XCS Solutions
Data Loss Prevention with WatchGuard XCS SolutionsData Loss Prevention with WatchGuard XCS Solutions
Data Loss Prevention with WatchGuard XCS Solutions
Jone Smith
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
hcls
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Rohan Raj
 
@COISSA Cloud Computing and Privacy
@COISSA Cloud Computing and Privacy@COISSA Cloud Computing and Privacy
@COISSA Cloud Computing and Privacy
Dino Tsibouris
 

Recommended

Staying Out of the Crosshairs
Staying Out of the CrosshairsStaying Out of the Crosshairs
Staying Out of the Crosshairs
JoAnna Cheshire
 
Respond to the following in a minimum of 175 words security req
Respond to the following in a minimum of 175 words security reqRespond to the following in a minimum of 175 words security req
Respond to the following in a minimum of 175 words security req
SHIVA101531
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
justyogesh
 
Ceh3
Ceh3Ceh3
Ceh3
ChandiniChandran
 
Data Loss Prevention with WatchGuard XCS Solutions
Data Loss Prevention with WatchGuard XCS SolutionsData Loss Prevention with WatchGuard XCS Solutions
Data Loss Prevention with WatchGuard XCS Solutions
Jone Smith
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
hcls
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Rohan Raj
 
@COISSA Cloud Computing and Privacy
@COISSA Cloud Computing and Privacy@COISSA Cloud Computing and Privacy
@COISSA Cloud Computing and Privacy
Dino Tsibouris
 
Ethical hacking ppt by shantanu arora
Ethical hacking ppt by shantanu aroraEthical hacking ppt by shantanu arora
Ethical hacking ppt by shantanu arora
VaishnaviKhandelwal6
 
Summer training in jaipur
Summer training in jaipurSummer training in jaipur
Summer training in jaipur
cyber cure
 
Information security holistic approach-hkit
Information security holistic approach-hkitInformation security holistic approach-hkit
Information security holistic approach-hkit
HK IT solutions... unlimited...
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
Abdulafeez Fasasi
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Mark Silverberg
 
Will My SaaS Provider Leak My Corporate Data? - Collaborate '15 Presentation
Will My SaaS Provider Leak My Corporate Data? - Collaborate '15 PresentationWill My SaaS Provider Leak My Corporate Data? - Collaborate '15 Presentation
Will My SaaS Provider Leak My Corporate Data? - Collaborate '15 Presentation
Snag
 
Ethical Hacking Presentation
Ethical Hacking PresentationEthical Hacking Presentation
Ethical Hacking Presentation
AmanUllah115928
 
Cyber Threats
Cyber ThreatsCyber Threats
Cyber Threats
Sunit Patil
 
Information and network security ins
Information and network security insInformation and network security ins
Information and network security ins
Astha Parihar
 
Ehtical hacking
Ehtical hackingEhtical hacking
Ehtical hacking
Uday Verma
 
A Framework for Health Information Technology and Network Security
A Framework for Health Information Technology and Network Security A Framework for Health Information Technology and Network Security
A Framework for Health Information Technology and Network Security
Jeff Horsager
 
SplunkLive! Nashville Texas Roadhouse
SplunkLive! Nashville Texas RoadhouseSplunkLive! Nashville Texas Roadhouse
SplunkLive! Nashville Texas Roadhouse
John Miller
 
Cryptography Basics
Cryptography BasicsCryptography Basics
Cryptography Basics
Ali Sadhik Shaik
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
todd331
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should Know
Nuuko, Inc.
 
Discussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relatDiscussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relat
LyndonPelletier761
 
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
Black Duck by Synopsys
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standards
automatskicorporation
 
READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS
READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS
READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS
Gregory McNulty
 
READ ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMS
READ ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMSREAD ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMS
READ ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMS
Gregory McNulty
 
Backup of FinalExam-EssayQ-Mon
Backup of FinalExam-EssayQ-MonBackup of FinalExam-EssayQ-Mon
Backup of FinalExam-EssayQ-Mon
Fares Sharif
 

More Related Content

What's hot

What's hot (14)

Ethical hacking ppt by shantanu arora
Ethical hacking ppt by shantanu aroraEthical hacking ppt by shantanu arora
Ethical hacking ppt by shantanu arora
 
Summer training in jaipur
Summer training in jaipurSummer training in jaipur
Summer training in jaipur
 
Information security holistic approach-hkit
Information security holistic approach-hkitInformation security holistic approach-hkit
Information security holistic approach-hkit
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
 
Will My SaaS Provider Leak My Corporate Data? - Collaborate '15 Presentation
Will My SaaS Provider Leak My Corporate Data? - Collaborate '15 PresentationWill My SaaS Provider Leak My Corporate Data? - Collaborate '15 Presentation
Will My SaaS Provider Leak My Corporate Data? - Collaborate '15 Presentation
 
Ethical Hacking Presentation
Ethical Hacking PresentationEthical Hacking Presentation
Ethical Hacking Presentation
 
Cyber Threats
Cyber ThreatsCyber Threats
Cyber Threats
 
Information and network security ins
Information and network security insInformation and network security ins
Information and network security ins
 
Ehtical hacking
Ehtical hackingEhtical hacking
Ehtical hacking
 
A Framework for Health Information Technology and Network Security
A Framework for Health Information Technology and Network Security A Framework for Health Information Technology and Network Security
A Framework for Health Information Technology and Network Security
 
SplunkLive! Nashville Texas Roadhouse
SplunkLive! Nashville Texas RoadhouseSplunkLive! Nashville Texas Roadhouse
SplunkLive! Nashville Texas Roadhouse
 
Cryptography Basics
Cryptography BasicsCryptography Basics
Cryptography Basics
 

Similar to Acceptable encryption policy

Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
todd331
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should Know
Nuuko, Inc.
 
Discussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relatDiscussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relat
LyndonPelletier761
 
Backup of FinalExam-EssayQ-Mon
Backup of FinalExam-EssayQ-MonBackup of FinalExam-EssayQ-Mon
Backup of FinalExam-EssayQ-Mon
Fares Sharif
 
Cyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyCyber Defense Team's Security Policy
Cyber Defense Team's Security Policy
Kunal Sharma
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
cockekeshia
 
Security policy.pdf
Security policy.pdfSecurity policy.pdf
Security policy.pdf
Md. Sajjat Hossain
 
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docxWorksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
griffinruthie22
 
[EMC] Source Code Protection
[EMC] Source Code Protection[EMC] Source Code Protection
[EMC] Source Code Protection
Perforce
 
In responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docxIn responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docx
mecklenburgstrelitzh
 

Similar to Acceptable encryption policy (20)

Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should Know
 
Discussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relatDiscussion Post an article review (minimum of 200 words) relat
Discussion Post an article review (minimum of 200 words) relat
 
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standards
 
READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS
READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS
READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS
 
READ ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMS
READ ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMSREAD ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMS
READ ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMS
 
Backup of FinalExam-EssayQ-Mon
Backup of FinalExam-EssayQ-MonBackup of FinalExam-EssayQ-Mon
Backup of FinalExam-EssayQ-Mon
 
Cyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyCyber Defense Team's Security Policy
Cyber Defense Team's Security Policy
 
Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4
 
CLOUD SECURITY.pptx
CLOUD SECURITY.pptxCLOUD SECURITY.pptx
CLOUD SECURITY.pptx
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
 
Encryption During Communication
Encryption During CommunicationEncryption During Communication
Encryption During Communication
 
Security policy.pdf
Security policy.pdfSecurity policy.pdf
Security policy.pdf
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security Policies
 
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docxWorksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
 
Introdction to Cloud Regulation for Enterprise by 2Bsecure
Introdction to Cloud Regulation for Enterprise by 2BsecureIntrodction to Cloud Regulation for Enterprise by 2Bsecure
Introdction to Cloud Regulation for Enterprise by 2Bsecure
 
[EMC] Source Code Protection
[EMC] Source Code Protection[EMC] Source Code Protection
[EMC] Source Code Protection
 
In responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docxIn responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docx
 
Train Employees to Avoid Cybercrime
Train Employees to Avoid CybercrimeTrain Employees to Avoid Cybercrime
Train Employees to Avoid Cybercrime
 

Recently uploaded

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Acceptable encryption policy

  • 1. Acceptable Encryption Policy Created by or for the SANS Institute. Feel free to modify or use for your organization. If you have a policy to contribute, please send e-mail to stephen@sans.edu 1.0 Purpose The purpose of this policy is to provide guidance that limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively. Additionally, this policy provides direction to ensure that Federal regulations are followed, and legal authority is granted for the dissemination and use of encryption technologies outside of the United States. 2.0 Scope This policy applies to all <Company Name> employees and affiliates. 3.0 Policy Proven, standard algorithms such as DES, Blowfish, RSA, RC5 and IDEA should be used as the basis for encryption technologies. These algorithms represent the actual cipher used for an approved application. For example, Network Associate's Pretty Good Privacy (PGP) uses a combination of IDEA and RSA or Diffie- Hellman, while Secure Socket Layer (SSL) uses RSA encryption. Symmetric cryptosystem key lengths must be at least 56 bits. Asymmetric crypto-system keys must be of a length that yields equivalent strength. <Company Name>’s key length requirements will be reviewed annually and upgraded as technology allows. The use of proprietary encryption algorithms is not allowed for any purpose, unless reviewed by qualified experts outside of the vendor in question and approved by InfoSec. Be aware that the export of encryption technologies is restricted by the U.S. Government. Residents of countries other than the United States should make themselves aware of the encryption technology laws of the country in which they reside. 4.0 Enforcement Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. 5.0 Definitions Term Definition Proprietary Encryption An algorithm that has not been made public and/or has not withstood public scrutiny. The developer of the algorithm could be a vendor, an individual, or the government. Symmetric Cryptosystem A method of encryption in which the same key is used for both encryption and decryption of the data. Asymmetric Cryptosystem A method of encryption in which two different keys are used: one for encrypting and one for decrypting the data (e.g., public-key encryption). 6.0 Revision History