Section

Process

Clause summary and text | Used | Favoured party | Author | Governing law | Source

Confidentiality and integrity

1.1. When considering encryption, also consider the use of digital signatures or hash functions. Encryption only helps with confidentiality. In most cases where confidentiality is important, integrity is also important, and digital signatures and hash functions are important tools to ensure integrity. Please refer to the Data Protection Policy for more details.
0
Neutral
Genie Team

England and Wales

User uploaded

Passwords and private keys

1.1. Symmetric algorithm keys and private keys are like passwords, and our Password Policy applies. For instance, these keys should never be re-used and should also be changed at least every PRIVATE KEY RENEWAL months. Public keys are typically not confidential and can be changed less frequently.
1
Neutral
Genie Team

England and Wales

User uploaded

Secure random number generator

1.1. Make sure that all keys are randomly generated using a secure random number generator. You cannot use common words as keys. Keys should also never be stored in source code.
0
Neutral
Genie Team

England and Wales

User uploaded

Key management process

1.1. Make sure that key management is in place. You need to make sure keys are generated securely, stored securely and destroyed when no longer needed.
0
Neutral
Genie Team

England and Wales

User uploaded


Cryptographic products, strong algorithms, no known weaknesses

1.1. When deciding to use certain products with cryptographic features (e.g. encryption software), you must check that the product uses a strong cryptographic algorithm and you must do a Google search to check whether the product has known weaknesses.
0
Neutral
Genie Team

England and Wales

User uploaded

Short key lengths

1.1. Make sure that you understand the risks of short key lengths and set minimum key lengths for algorithms that let you choose the key size.
0
Neutral
Genie Team

England and Wales

User uploaded


Symmetric encryption: AES, RC6, Serpent, Twofish; asymmetric encryption: RSA, Elliptic Curve cryptography; hash functions: SHA2; digital signatures: RSA, DSA, ECDSA

1.1. Recommended strong algorithms:
1.2. Symmetric encryption: AES (four sizes, 128 bits is already good). Also suitable according to ENISA are RC6, Serpent and Twofish.
1.3. Asymmetric encryption: RSA (2048 bits recommended, at least 1200 bits required). Also suitable according to ENISA is Elliptic Curve cryptography with a key of at least 256 bits.
1.4. Hash functions: SHA2 (four sizes, 256 bits is recommended).
1.5. Digital signatures: RSA (good 2048 bits, ok 1200 bits). Alternatives are DSA and ECDSA.
0
Neutral
Genie Team

England and Wales

User uploaded

Only use strong algorithms

1.1. Make sure that you only use strong cryptographic algorithms. The difference between weak and strong algorithms is explained further on in this document. Only use algorithms that have been published and have been scrutinised by researchers. Never invent your own algorithms or use non-public algorithms.
0
Neutral
Genie Team

England and Wales

User uploaded

Two developers review code for cryptographic changes

1.1. When you are adding or changing features that rely on cryptography during software development, a second developer must review the source code and check it against the rules in this policy. Note that you should never design your own algorithms (see note below); this policy is intended for cases where you invoke an existing algorithm for a specific purpose.
0
Neutral
Genie Team

England and Wales

User uploaded

Security and encryption are important for data at rest and in transit

1.1. At rest means when the data is stored for later use, for instance on a disk or in a database in the cloud. In both situations security is important. Whether encryption is needed should be decided based on the importance of the information and the risks for the type of storage or transit.
1.2. The COMPANY NAME information asset register lists which information should be kept confidential, and the risk management process details the risk level. Please refer to these when making any decisions on cryptography.
0
Neutral
Genie Team

England and Wales

User uploaded
