CEK-04: Encryption Algorithm

CSF v1.1 References:

PF v1.0 References:

Control is new to this version of the control set and incorporates the following control from the previous version: EKM-04: Storage and Access.

Control Statement

Use encryption algorithms that are appropriate for data protection, considering the classification of data, associated risks, and usability of the encryption technology.

Implementation Guidance

A risk-based approach to the adoption of encryption algorithms should consider, but not be limited to:

  1. Cryptographic key management system (CKMS) algorithms should not exceed the anticipated lifetime of the CKMS and the information it protects.
  2. CKMS security policies should protect the confidentiality, integrity, availability, and source authentication of all keys, algorithms, and metadata.
  3. The CKMS should include, but is not limited to:
     - Approved algorithms
     - Hardware security modules (HSMs)
     - Key sizes
  4. The adoption of the appropriate key size and algorithm types should be based on a cost-benefit analysis and the level of risk to the data (see the reference to quantum-resistant encryption in CEK-03).

Auditing Guidance

  1. Identify the encryption algorithms in use.
  2. Confirm that identified encryption algorithms have been reviewed and approved by appropriate management.
  3. Confirm that the encryption algorithm approval process includes assessment of the appropriateness of the algorithm for the data it is protecting, any associated risks, and the algorithm's usability.
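The three auditing steps above can be partly automated once an inventory of algorithms in use exists. The following Python script is an added example for this page, not CSA tooling: it takes a constructed inventory of cryptographic uses (system, algorithm, key size, data classification, planned period of use) and checks each entry against a constructed approved-algorithm policy keyed by data classification, flagging unapproved algorithms, key sizes below the policy minimum, and uses planned to run past the date the organization expects the algorithm to stop being adequate. The policy values, system names and sunset years are illustrative placeholders; an organization substitutes its own approved list.

```python
"""Illustrative CEK-04 check: compare the encryption algorithms in use
against an approved-algorithm policy. Example code added for this page;
the policy and inventory below are constructed, not CSA data."""
from dataclasses import dataclass
from typing import Dict, List

# Constructed policy: approved algorithm families and minimum key size
# (bits) per data classification. Replace with the organization's own
# management-approved list.
APPROVED: Dict[str, Dict[str, int]] = {
    "public":       {"AES": 128, "RSA": 2048, "ECDSA": 256},
    "internal":     {"AES": 128, "RSA": 2048, "ECDSA": 256},
    "confidential": {"AES": 256, "RSA": 3072, "ECDSA": 256},
    "restricted":   {"AES": 256, "RSA": 3072, "ECDSA": 384},
}


@dataclass
class CryptoUse:
    system: str            # where the algorithm is used (hypothetical name)
    algorithm: str         # algorithm family as named in the policy
    key_bits: int          # key size in bits
    classification: str    # classification of the protected data
    planned_use_until: int # year the organization plans to keep using it
    adequate_until: int    # year the organization expects it to stop being adequate


def check(use: CryptoUse) -> List[str]:
    """Return audit findings for one inventory entry (empty list = compliant)."""
    findings: List[str] = []
    policy = APPROVED.get(use.classification)
    if policy is None:
        return [f"{use.system}: unknown data classification '{use.classification}'"]

    min_bits = policy.get(use.algorithm)
    if min_bits is None:
        findings.append(
            f"{use.system}: {use.algorithm} is not on the approved list "
            f"for {use.classification} data")
    elif use.key_bits < min_bits:
        findings.append(
            f"{use.system}: {use.algorithm}-{use.key_bits} is below the "
            f"{min_bits}-bit minimum for {use.classification} data")

    # Lifetime check: planned use must not outrun the algorithm's expected adequacy.
    if use.planned_use_until > use.adequate_until:
        findings.append(
            f"{use.system}: planned use until {use.planned_use_until} exceeds "
            f"expected adequacy of {use.algorithm}-{use.key_bits} ({use.adequate_until})")
    return findings


def audit(inventory: List[CryptoUse]) -> List[str]:
    """Run check() over the whole inventory and collect all findings."""
    return [finding for use in inventory for finding in check(use)]


# Constructed inventory standing in for a real export of algorithms in use.
INVENTORY = [
    CryptoUse("payroll-db", "AES", 256, "confidential", 2030, 2035),
    CryptoUse("legacy-vpn", "3DES", 168, "internal", 2026, 2023),
    CryptoUse("public-site-tls", "RSA", 2048, "public", 2028, 2030),
    CryptoUse("archive-backups", "RSA", 2048, "restricted", 2040, 2030),
]

if __name__ == "__main__":
    for line in audit(INVENTORY):
        print(line)
```

Running the script lists one finding for the unapproved 3DES use and two for the archive system (key size below the restricted-data minimum, and planned use past the expected adequacy date); the compliant entries produce nothing. The output is the evidence an auditor would attach to steps 2 and 3, and the policy table is the artifact management is expected to have approved.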

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.