Encryption_Policy.md
  1. Overview

See Purpose.

2. Purpose

The purpose of this policy is to limit the use of encryption to algorithms that have received substantial public review and have been proven to work effectively. It also gives direction to ensure that Federal regulations are followed and that legal authority is obtained before encryption technologies are disseminated or used outside of the United States.

3. Scope

This policy applies to all [ORG’S NAME] employees, contractors, interns, vendors and agents who use a [ORG’S NAME]-owned or personally-owned computer or workstation to connect to the [ORG’S NAME] network.

4. Policy

    1. Workstation encryption

        1. All [ORG’S NAME] PCs, workstations and data storage must have full disk encryption enabled using trusted encryption software: VeraCrypt (open source), FileVault on macOS, or BitLocker on Windows.

        2. A lock screen protected by a strong password is mandatory. An unattended machine must lock automatically after less than 2 minutes of inactivity.

        3. Encrypted devices must be powered off (not merely locked or put to sleep) before leaving the office. Full disk encryption protects data only while the machine is off; while it is running or sleeping, the disk encryption key remains in memory.

        4. Full disk encryption must use one of the following ciphers:

            1. AES-Twofish-Serpent (the VeraCrypt cascade)

            2. AES

            3. Triple DES (deprecated by NIST in SP 800-131A Rev. 2; acceptable only for existing volumes that cannot yet be re-encrypted with AES)

            SHA-512 is a hash function, not a cipher; it is the approved hash for deriving the volume header key from the passphrase (for example, PBKDF2 with SHA-512 in VeraCrypt).

    2. Smartphone encryption

        1. Any smartphone or tablet that connects to the [ORG’S NAME] network must be encrypted by enabling full disk encryption in the device’s security settings.

        2. Employees must use strong passphrases.

        3. A lock screen protected by a strong password is mandatory. The device must lock automatically after less than 2 minutes of inactivity.

    3. [ORG’S NAME] storage devices (hard disks, USB flash drives and backups)

        1. Any storage device that belongs to [ORG’S NAME] and holds [ORG’S NAME] information must be encrypted by enabling full disk encryption.

        2. Employees must use strong passphrases.

    4. Key Agreement and Authentication

        1. [ORG’S NAME] encourages users to apply PGP encryption (which provides hashing, data compression, symmetric-key cryptography and public-key cryptography) to the emails that [ORG’S NAME] employees exchange.

        2. Endpoints must be authenticated before session keys are exchanged or derived.

        3. Public keys used to establish trust must be authenticated before use. Examples of authentication include receiving the key in a cryptographically signed message, or manually verifying the public key’s hash (fingerprint) against a value obtained out of band.

        4. All servers used for authentication (for example, RADIUS or TACACS+) must present a valid certificate signed by a known, trusted certificate authority.

        5. All servers and applications using TLS (or legacy SSL) must use certificates signed by a known, trusted certificate authority.

    5. Key Generation

        1. Cryptographic keys must be generated and stored in a secure manner that prevents loss, theft, or compromise.

        2. Key generation must be seeded from an industry-standard random number generator (RNG). For examples, see NIST Annex C: Approved Random Number Generators for FIPS PUB 140-2 (for its successor, FIPS 140-3, the approved deterministic random bit generators are specified in NIST SP 800-90A).
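The manual public-key hash check required under Key Agreement and Authentication, and the RNG requirement under Key Generation, are easy to get wrong in practice (hashing the base64 text instead of the decoded key, comparing fingerprints with `==`, drawing key bytes from `random`). The following is an added example, not part of the policy or any [ORG’S NAME] tooling: it parses an OpenSSH-format public key line, computes the fingerprint in the same `SHA256:` form that `ssh-keygen -lf` prints, compares it in constant time with a fingerprint obtained out of band, and draws symmetric key material from the operating system CSPRNG. The key bytes and the expected fingerprint are constructed for the demonstration; a real key comes from `ssh-keygen` and the reference fingerprint from the key owner.

```python
"""Added example (not from the policy): verify an OpenSSH public-key fingerprint
out of band, and generate key material from the OS CSPRNG."""
import base64
import hashlib
import hmac
import secrets
import struct

KEY_TYPE = "ssh-ed25519"  # only Ed25519 is modelled here (assumption for the demo)


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(blob: bytes, offset: int) -> tuple:
    """Read one SSH wire-format string from blob at offset; returns (data, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def build_openssh_pubkey_line(raw_key: bytes, comment: str = "user@example") -> str:
    """Build an authorized_keys-style line for a 32-byte Ed25519 public key.

    Used here only to construct demo input; real lines come from ssh-keygen."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    blob = _ssh_string(KEY_TYPE.encode()) + _ssh_string(raw_key)
    return f"{KEY_TYPE} {base64.b64encode(blob).decode()} {comment}"


def parse_openssh_pubkey_line(line: str) -> bytes:
    """Return the decoded key blob.

    Rejects lines whose declared type does not match the type embedded in the
    blob, a cheap integrity check against a pasted or edited key."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    declared_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    embedded_type, _ = _read_ssh_string(blob, 0)
    if embedded_type.decode("ascii", "replace") != declared_type:
        raise ValueError("declared key type does not match key blob")
    return blob


def fingerprint(blob: bytes) -> str:
    """SHA-256 over the decoded blob (not the base64 text), rendered as
    'SHA256:' plus unpadded base64, the same form ssh-keygen -lf prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_fingerprint(line: str, expected: str) -> bool:
    """Compare the computed fingerprint with one obtained out of band.

    Constant-time comparison so the check itself leaks nothing; any parse
    failure is treated as a mismatch rather than an exception."""
    try:
        actual = fingerprint(parse_openssh_pubkey_line(line))
    except ValueError:
        return False
    return hmac.compare_digest(actual.encode(), expected.strip().encode())


def generate_symmetric_key(nbytes: int = 32) -> bytes:
    """Key material comes from the OS CSPRNG (secrets / os.urandom), never from
    random.random(), which is a deterministic Mersenne Twister."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed demo key bytes, not a real key
    line = build_openssh_pubkey_line(demo_key)
    reference = fingerprint(parse_openssh_pubkey_line(line))  # stands in for the out-of-band value
    print(line)
    print("fingerprint:", reference)
    print("matches reference:", verify_fingerprint(line, reference))
    print("matches tampered type:", verify_fingerprint("ssh-rsa " + line.split()[1], reference))
    print("symmetric key:", generate_symmetric_key().hex())
```

In use, the `reference` value is the fingerprint the key’s owner reads to you over the phone or publishes through a separately authenticated channel; if `verify_fingerprint` returns `False`, the key is not installed.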

I have read the [ORG’S NAME] encryption policy and agree to abide by it as a condition of my continued employment by [ORG’S NAME]. I understand that violation of any of the above policies may result in my termination.

_____________________ User Signature

_____________________ Date