Instant 27001 demo environment
A.8.24 Use of cryptography
Control details
Requirement | Rules for the effective use of cryptography, including cryptographic key management, shall be defined and implemented. |
---|---|
Instruction | To ensure proper and effective use of cryptography to protect the confidentiality, authenticity or integrity of information in compliance with legal, statutory, regulatory or contractual requirements related to cryptography. It is not needed to reinvent the wheel, there might be existing baselines available for your industry, such as NIST, PCI-DSS or your national cyber security center. You can also define a minimum rating in ssllabs.com (such as A or A+). |
Implementation | Requirements for cryptography and key management are defined in the Cryptography policy |
Status | Implemented |
Applicable | YES |
Reason | Risk assessment |
Check details
Owner | System administrator |
---|---|
Frequency | Quarter |
Instruction | Execute the checks referenced in the Cryptography policy (ssllabs.com, mxtoolbox.com or internet.nl) and record the scores in the comment section |
File | Modified |
---|