Carnegie Mellon University Website Home Page
 

Guidelines for Data Protection (cont.)

View/Download PDF
lvl_2colHorizontalRule

Encryption

The following tables define baseline encryption and key management controls for protecting Institutional Data.

Encryption

ID Control Public Private Restricted
EN-1 Institutional Data transmitted over a network connection is encrypted Optional Recommended Required
EN-2 Institutional Data stored on Electronic Media is encrypted Optional Recommended Recommended
EN-3 Data stored on removable Electronic Media is encrypted Optional Recommended Required
EN-4 Data stored on a mobile computing device is encrypted Optional Recommended Required
EN-5 Remote administration of an Information System is performed over an encrypted network connection Required Required Required

Key Management

ID Control Public Private Restricted
EN-6 Industry accepted algorithms are used where encryption and/or digital signing are employed Recommended Required Required
EN-7 Key sizes of 128-bits or greater are used where symmetric key encryption is employed * Recommended Required Required
EN-8 Key sizes of 1024-bit or greater are used where asymmetric key encryption is employed * Recommended Required Required
EN-9 Keys are changed periodically where encryption is employed Recommended Required Required
EN-10 Keys are revoked and/or deleted when they are no longer needed to perform a business function Recommended Required Required

Supplemental Guidance

ES-7 and ES-8:  These controls establish baseline key sizes for symmetric key encryption (e.g. AES and 3DES) and asymmetric encryption (e.g. RSA and Diffie-Hellman). However industry trends illustrate a gradual movement toward larger key sizes. For example, the National Institute of Standards and Technology now requires 256-bit and 2048-bit keys for certain aspects of personal identity verification when dealing with federal information systems (see Special Publication 800-78). Data Custodians should evaluate any contractual obligations that might exist when selecting an appropriate key size.