Cryptographic controls Sample Clauses
The 'Cryptographic controls' clause establishes requirements for the use of cryptographic methods to protect sensitive information. It typically outlines when and how encryption, digital signatures, or other cryptographic techniques must be applied to data at rest, in transit, or during processing, and may specify standards or key management practices. This clause ensures that confidential or critical data is safeguarded against unauthorized access or tampering, thereby reducing the risk of data breaches and supporting compliance with security regulations.
POPULAR SAMPLE Copied 1 times
Cryptographic controls i. Contractor has a cryptographic controls policy in place that is documented, has obtained management approval, is reviewed no less frequently than annually and is maintained to ensure its continuing suitability, adequacy and effectiveness.
Cryptographic controls. Iron Mountain shall follow a documented policy on the use of cryptographic controls. Iron Mountain’s cryptographic controls shall:
6.14.1 Be designed to reasonably protect the confidentiality and integrity of Customer Personal Data being processed, transmitted or stored by Iron Mountain in any shared network environments in accordance with the terms of the Agreement;
6.14.2 Be applied, in Iron Mountain-hosted environment(s) used to provide services, to Customer Personal Data in transit across or to “untrusted” networks (i.e., networks that Iron Mountain does not legally control), including those used for sending data to Customer’s corporate network from Iron Mountain’s network, subject, in each case, to Customer’s cooperation in management of encryption keys necessary to de-encrypt transmissions received by Customer; and
6.14.3 Include documented encryption key management practices to support the security of cryptographic technologies.
6.14.4 Include encryption of all Customer Personal Data on laptops or other portable devices.
Cryptographic controls. The Contractor should put in place an appropriate policy on the use of encryption, plus cryptographic authentication and integrity controls such as digital signatures and message authentication codes, and cryptographic key management.
Cryptographic controls. Contractor has a cryptographic controls policy in place that is documented, has obtained management approval, is reviewed no less frequently than annually and is maintained to ensure its continuing suitability, adequacy and effectiveness. Contractor has procedures in place to control the installation of software on operational systems; Contractor selects test data carefully, and the test data is protected and controlled; and Contractor restricts access to program source code. Contractor has implemented procedures to maintain the security of application system software and information; Contractor utilizes formal change control procedures to implement changes; and Contractor supervises and monitors outsourced software development. Contractor documents the technical vulnerabilities, the exposure evaluated, and the appropriate measures taken to address the associated risk.
Cryptographic controls. It is expected that the following words would apply to most organisations but modify as necessary. Describe any extra, or changed, controls for this contract.
Cryptographic controls. ● Cryptographic keys must be in line with industry best practice (minimum 256 bits for symmetric keys and 2048 bits for Asymmetric keys) ● Cryptographic keys must be protected against modification and loss ● Minimum standards must be defined for ciphers, protocols and hashing algorithms ● A recognised library must be used for cryptography algorithms ● Private keys must be transferred securely between components (minimum of AES 256)
Cryptographic controls i. Upon award and not later than six months following execution of the Contract, Contractor will create a cryptographic controls policy in place that is documented, has obtained management approval, is reviewed no less frequently than annually and is maintained to ensure its continuing suitability, adequacy and effectiveness.
Cryptographic controls. 10.1.1 Policy on the use of cryptographic controls Defined in the Eight Technology Information Security Policy
10.1.2 Key management Defined in the Eight Technology Information Security Policy
Cryptographic controls. The Consultant should put in place an appropriate policy on the use of encryption, plus cryptographic authentication and integrity controls such as digital signatures and message authentication codes, and cryptographic key management.
Cryptographic controls. Data importer shall follow a documented policy on the use of cryptographic controls. Data importer’s cryptographic controls shall:
1) Be designed to reasonably protect the confidentiality and integrity of personal data being handled by data importer in any shared network environments in accordance with the terms of this Appendix;
2) Be applied to data importer-hosted environment(s) used to transmit personal data across or to “untrusted” networks (i.e., networks that data importer does not legally control), including those environments or networks used for sending data to data exporter’s corporate network from data importer’s network, subject to data exporter’s cooperation in management of encryption keys necessary to decrypt transmissions received by data exporter; and
3) Include documented encryption key management practices to support the security of cryptographic technologies.
4) Include encryption of all personal data on laptops and other portable devices.