683: ENCRYPTION

Policy 683: Encryption defines the minimum requirements for the selection, application, and management of encryption technologies.

Standard 683S1: Transmission Confidentiality and Integrity defines acceptable methods of cryptographic protection to prevent unauthorized disclosure of sensitive or confidential information during transmission. Topics addressed include email and file transfer encryption.

Standard 683S2: Protection of Information at Rest establishes requirements for key management and encryption of sensitive or confidential data stored (at rest) on state-owned information systems and mobile devices.

Risks that are addressed in these documents include:

  • Protecting the confidentiality and integrity of information transmitted over public networks
  • Ensuring that the encryption technologies used meet validated standards for security

These documents address NIST SP 800-53 security controls:

  • SC-8: Transmission Confidentiality and Integrity
  • AC-17 (CE2): Protection of Confidentiality and Integrity Using Encryption
  • AC-19 (CE5): Mobile Device – Container-based Encryption
  • SC-12: Cryptographic Key Management
  • SC-13: Cryptographic Protection
  • SC-17: Public Key Infrastructure (PKI) Certificates
  • SC-28: Protection of Information at Rest
  • SC-28 (CE1): Cryptographic Protection
  • MP-5 (CE4): Media Transport | Cryptographic Protection

View or Download:

DRAFT Policy 683: Encryption

DRAFT Standard 683S1: Transmission Confidentiality and Integrity

DRAFT Standard 683S2: Protection of Information at Rest