Unformatted text preview: Acceptable Encryption Policy Created by or for the SANS Institute. Feel free to modify or use for your organization. If you have a policy to contribute, please send e-mail to [email protected] 1.0 Purpose The purpose of this policy is to provide guidance that limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively. Additionally, this policy provides direction to ensure that Federal regulations are followed, and legal authority is granted for the dissemination and use of encryption technologies outside of the United States. 2.0 Scope This policy applies to all <Company Name> employees and affiliates. 3.0 Policy Proven, standard algorithms such as DES, Blowfish, RSA, RC5 and IDEA should be used as the basis for encryption technologies. These algorithms represent the actual cipher used for an approved application. For example, Network Associate's Pretty Good Privacy (PGP) uses a combination of IDEA and RSA or Diffie-...
View Full Document
This note was uploaded on 09/25/2010 for the course SIT 284 taught by Professor Lei during the Two '08 term at Deakin.
- Two '08