Article 45 – Information Security
49020.11.2 Cryptographic Controls
- Cryptographic controls should be considered to achieve:
  - Confidentiality: using encryption of information to protect sensitive or critical information either stored or transmitted;
  - Integrity/authenticity: using digital signatures or message authentication codes to protect the authenticity and integrity of stored or transmitted sensitive or critical information;
  - Non-repudiation: using cryptographic techniques to obtain proof of the occurrence or non-occurrence of an event or action.
- Based on a risk assessment, the required level of protection shall be identified taking into account the type, strength, and quality of the encryption algorithm required. All cryptographic keys shall be protected against modification, loss, and/or destruction.