Section
Process
12 clauses
How else should confidentiality be maintained?
1 clause
| Clause summary and text | Used | Favoured party | Author | Governing law | Source |
|---|---|---|---|---|---|
Confidentiality and integrityWhen considering encryption, consider the use of digital signatures or hash functions as well. Encryption only helps with confidentiality. In most cases where confidentiality is important, integrity is also important and digital signatures and hash functions are important tools to ensure integrity. Please refer to the Data Protection Policy for more details. | 0 | Neutral |  Genie Team | England and Wales | User uploaded |
How often should keys be changed?
1 clause
| Clause summary and text | Used | Favoured party | Author | Governing law | Source |
|---|---|---|---|---|---|
Passwords and private keysSymmetric algorithm keys and private keys are like passwords, and our Password Policy applies. For instance these keys should never be re-used and should also be changed at least every PRIVATE KEY RENEWAL months. Public keys are typically not confidential and can be changed less frequently. | 1 | Neutral | Genie Team | England and Wales | User uploaded |
How should keys be generated?
1 clause
| Clause summary and text | Used | Favoured party | Author | Governing law | Source |
|---|---|---|---|---|---|
Secure random number generatorMake sure that all keys are randomly generated using a secure random number generator. You cannot use common words as keys. Keys should also never be stored in source code | 0 | Neutral | Genie Team | England and Wales | User uploaded |
How should keys be managed?
1 clause
How should someone check that a product uses a strong cryptographic algorithm?
1 clause
| Clause summary and text | Used | Favoured party | Author | Governing law | Source |
|---|---|---|---|---|---|
cryptographic products, strong algorithms, no known weaknessesWhen deciding to use certain products with cryptographic features (e.g. encryption software), you must check that the product uses a strong cryptographic algorithm and you must do a google search to check if this product has known weaknesses. | 0 | Neutral | Genie Team | England and Wales | User uploaded |
Should minimum key lengths be used?
1 clause
What are examples of strong algorithms?
1 clause
| Clause summary and text | Used | Favoured party | Author | Governing law | Source |
|---|---|---|---|---|---|
symmetric encryption: AES, RC6, Serpent, Twofish asymmetric encryption: RSA, Elliptic Curve cryptography hash functions: SHA2 digital signatures: RSA, DSA, ECDSARecommended strong algorithms: Symmetric encryption: AES (four sizes, 128 bits is already good). Also suitable according to ENISA are RC6, Serpent, Twofish Asymmetric encryption: RSA (2048 bit recommended, at least 1200 bits required). Also suitable according to ENISA is Elliptic Curve cryptography with at least 256 bits key. Hash functions: SHA2 (four sizes, 256 bits is recommended). Digital signatures: RSA (good 2048 bits, ok 1200 bits). Alternatives are DSA, ECDSA. | 0 | Neutral | Genie Team | England and Wales | User uploaded |
What cryptographic algorithms should be used?
1 clause
| Clause summary and text | Used | Favoured party | Author | Governing law | Source |
|---|---|---|---|---|---|
Only use strong algorithmsMake sure that you only use strong cryptographic algorithms. The difference between weak and strong algorithms is explained further on in this document. Only use algorithms that have been published and have been scrutinised by researchers. Never invent your own algorithms or use non-public algorithm | 0 | Neutral | Genie Team | England and Wales | User uploaded |
What is the process for changing features that rely on cryptography?
1 clause
| Clause summary and text | Used | Favoured party | Author | Governing law | Source |
|---|---|---|---|---|---|
Two developers review code for cryptographic changesWhen you are adding or changing features that rely on cryptography during software development, a second developer must review the source code and check against the rules in this policy. Note that you should never design your own algorithms (see note below), this policy is intended for cases where you invoke an existing algorithm for a specific purpose. | 0 | Neutral | Genie Team | England and Wales | User uploaded |
When is data at rest?
1 clause
| Clause summary and text | Used | Favoured party | Author | Governing law | Source |
|---|---|---|---|---|---|
Security and encryption are important for data at rest and in transitAt rest means when the data is stored for later use, for instance on a disk or in a database in the cloud. In both situations security is important. Whether encryption is needed should be decided based on the importance of the information and the risks for the type of storage or transit. The COMPANY NAME information asset register lists which information should be kept confidential, and the risk management process details risk level. Please refer to this in making any decisions on cryptography. | 0 | Neutral | Genie Team | England and Wales | User uploaded |
Loading more