January 7, 2018
Encryption offers a means of protecting data in transit or stored on devices, but organizations must follow proven methods and adhere to current standards for it to be effective. This policy outlines tested and recommended encryption technologies to help secure your corporate data.
From the policy:
Ciphers that are proven, standard, highly tested, and free of patent encumbrances must be used as the basis for encrypting devices and communications. They must meet the requirements delineated in the National Institute of Standards and Technology (NIST) publication FIPS 140-2. While AES is highly recommended, the AES-compatible ciphers ARIA, CAST-256, Camellia, Serpent, and Twofish are also acceptable for use. The use of proprietary ciphers is not allowed for any purpose.
Hash function requirements
SHA-3 should be preferred for any application that uses secure hash algorithms.
SHA-2 may be used for any application that uses secure hash algorithms. Refer to NIST SP 800-57 Part 1 Rev. 4, section 5.6, “Guidance for Cryptographic Algorithm and Key-Size Selection,” and NIST SP 800-131A Rev. 1 for specific technical guidance on the use of SHA-2.
SHA-1 should be considered insecure. It should not be used for generating digital signatures, timestamps, or other applications that require resistance to collision. Refer to NIST SP 800-131A Rev. 1 for specific technical guidance on the legacy use of SHA-1.
Key agreement and authentication
Key exchange must use one of the following protocols: Diffie-Hellman (including ECDH) or Internet Key Exchange (IKE) version 2.
Public keys used to establish trust must be verified (either manually or through a cryptographically signed message) prior to use.
Any server used for authentication must have a valid certificate signed by a trusted provider. All applications or servers using SSL or TLS must have a valid certificate signed by a trusted provider. Use of ephemeral keys is not adequate for this purpose.