3.3.9 Cryptography
| No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 | Status: In-Force |
Principle
The use of cryptographic solutions within the Member Organizations should be defined, approved and implemented.
Objective
To ensure that access to and integrity of sensitive information is protected and the originator of communication or transactions can be confirmed.
Control considerations
| 1. | A cryptographic security standard should be defined, approved and implemented. | |
| 2. | The compliance with the cryptographic security standard should be monitored. | |
| 3. | The effectiveness of the cryptographic security controls should be measured and periodically evaluated. | |
| 4. | The cryptographic security standard should include: | |
| a. | an overview of the approved cryptographic solutions and relevant restrictions (e.g., technically,legally); | |
| b. | the circumstances when the approved cryptographic solutions should be applied; | |
| c. | the management of encryption keys, including lifecycle management, archiving and recovery. | |