A10 Cryptography

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 52 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:02
there is an 11.6
00:04
8 10 cryptography
00:09
in this video. We will cover an understanding of control Sit 18
00:14
as well as its controls in any required documentation.
00:25
A 10 cryptography only contains one control set,
00:30
which is made up of two controls.
00:34
This is a 10.1 point 10 cryptographic controls,
00:39
and this is quite a short section.
00:41
The first control is a 10.1 point one,
00:46
which is the policy on the use of cryptographic controls,
00:50
which basically states that a policy policy should be established
00:55
on the use of cryptographic controls
00:57
for the protection of information.
01:00
The next control, a 10.1 point two,
01:06
is key management.
01:10
This control stipulates
01:11
that a policy should be established
01:14
for the use,
01:15
protection and lifetime
01:18
of cryptographic keys,
01:22
examples of documentation
01:25
that could be generated and used as evidence as part of the operation off. This clause
01:30
and its various controls
01:33
includes the cryptography policy
01:36
standards,
01:38
any other policies and guidelines which concerned algorithms and key lengths for encryption and authentication,
01:47
key management policies, guidelines and activities
01:51
as well. A system evidence off configuration and management there. Oh,
01:56
public key infrastructure information
02:00
such as your certificate, practice statement,
02:04
digital certificates themselves
02:07
or digital signatures
02:08
and so forth.
02:16
During this video, we covered the one control area that makes up Control State 18.
02:23
As we can see, this is quite a short section,
02:28
and the level of detail in this would depend on how much cryptography your organization is making. Use off.
02:36
If your organization has a full on public key infrastructure deployment,
02:40
where it is acting as a certificate authority
02:44
or a registration authority,
02:46
there would be far more controls that need to be implemented.
02:50
But these are governed by another standard known as the Web Trust principles.
02:55
Well, your organization makes use of self signed certificates
03:00
or any other keys that are used to connect devices such as an Internet of things
03:06
device deployment architectures.
03:08
This control would definitely be applicable to your organization,
03:14
so ensure that you have established and documented the appropriate controls
03:17
to manage cryptography effectively within your organization.
Up Next