Encryption Policy

Last Updated: July 15, 2024
Format: WORD

Encryption is vital for securing data, whether in transit or stored on devices. It can provide peace of mind that communications will not be intercepted and that sensitive information stored on devices can’t be exfiltrated in the event of loss or theft.

This policy from TechRepublic Premium provides guidelines for adopting encryption technologies for organizational use that have undergone extensive technical review, are not encumbered by patents or copyright and have been proven to work reliably.

  • Featured text from the policy:

    HASH FUNCTIONS REQUIREMENTS

    SHA-3 should be preferred for any application that uses secure hash algorithms.

    SHA-2 may be used for any application that uses secure hash algorithms. Refer to NIST SP 800-57 Part 1 Rev. 4, section 5.6, “Guidance for Cryptographic Algorithm and Key-Size Selection,” and NIST SP 800-131A Rev. 1 for specific technical guidance on the use of SHA-2.

    SHA-1 should be considered insecure. It should not be used for generating digital signatures, timestamps or other applications that require resistance to collision. Refer to NIST SP 800-131A Rev. 1 for specific technical guidance on the legacy use of SHA-1.

Beef up your data security with our six-page policy document. This is available for download at just $19. Alternatively, enjoy complimentary access with a Premium annual subscription. Click here to find out more.

TIME SAVED: Crafting this content required 12 hours of dedicated writing, editing and research.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday