Cryptography Policy template

Cryptography Policy

The objective of the Cryptography Policy and controls is to address confidential data that is at rest (including portable devices and removable media), in motion (transmission security), and encryption key standards and management.

CONTENT

1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. REQUIRED USE OF ENCRYPTION
4. DATA AT REST
4.1 COMPANY LAPTOPS AND WORKSTATIONS
4.2 COMPANY MOBILE DEVICES AND PHONES
4.3 REMOVABLE STORAGE
5. DATA ENCRYPTION IN TRANSIT
5.1 WAN
5.2 WIRELESS NETWORK
5.3 VPN
5.4 APPLICATION PORTALS
5.5 REMOTE DESKTOP
5.6 EMAIL
6. KEY MANAGEMENT
6.1 KEY GENERATION
6.2 KEY PROTECTION
6.3 DISTRIBUTION
6.4 STORAGE
6.5 USAGE PERIODS, ROTATION AND ARCHIVAL
6.6 UPDATING AND RENEWAL
6.7 RETRIEVAL AND REVOCATION
6.8 BACKUP AND RECOVERY
6.9 RETIREMENT
6.10 DESTRUCTION
7. EXCEPTIONS
8. FINAL CONSIDERATIONS
8.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
8.2 DOCUMENT REVISION

Pages: 12

Review Cryptography Policy.

Your email address will not be published. Required fields are marked *

Related Products:

€1,719.99

Purchase

This bundle contains all the products listed in the Data Governance section. Take advantage of the 25% OFF when buying the bundle!

€99.99

Purchase

This IT Risk Standard details the requirements with respect to Network Security. It addresses requirements which must be incorporated into the Company network design, in order to mitigate risks associated with remote access and interconnected networks.

€49.99

Purchase

The objective of this standard is to define the configuration to be met by all servers owned or managed by Company that are located outside of the firewalls. The standards are designed to minimize the exposure to Company from damages that may result from malicious activities from both internal and external entities. Internet facing devices located outside the Company firewalls are considered part of the DMZ.

Get  Your Free Sample

Please use the form below to subscribe to our list and receive a free procedure template!
GET YOUR FREE TEMPLATE
>
close-link