A10 Cryptography

00:02

there is an 11.6

00:04

8 10 cryptography

00:09

in this video. We will cover an understanding of control Sit 18

00:14

as well as its controls in any required documentation.

00:25

A 10 cryptography only contains one control set,

00:30

which is made up of two controls.

00:34

This is a 10.1 point 10 cryptographic controls,

00:39

and this is quite a short section.

00:41

The first control is a 10.1 point one,

00:46

which is the policy on the use of cryptographic controls,

00:50

which basically states that a policy policy should be established

00:55

on the use of cryptographic controls

00:57

for the protection of information.

01:00

The next control, a 10.1 point two,

01:06

is key management.

01:10

This control stipulates

01:11

that a policy should be established

01:14

for the use,

01:15

protection and lifetime

01:18

of cryptographic keys,

01:22

examples of documentation

01:25

that could be generated and used as evidence as part of the operation off. This clause

01:30

and its various controls

01:33

includes the cryptography policy

01:36

standards,

01:38

any other policies and guidelines which concerned algorithms and key lengths for encryption and authentication,

01:47

key management policies, guidelines and activities

01:51

as well. A system evidence off configuration and management there. Oh,

01:56

public key infrastructure information

02:00

such as your certificate, practice statement,

02:04

digital certificates themselves

02:07

or digital signatures

02:08

and so forth.

02:16

During this video, we covered the one control area that makes up Control State 18.

02:23

As we can see, this is quite a short section,

02:28

and the level of detail in this would depend on how much cryptography your organization is making. Use off.

02:36

If your organization has a full on public key infrastructure deployment,

02:40

where it is acting as a certificate authority

02:44

or a registration authority,

02:46

there would be far more controls that need to be implemented.

02:50

But these are governed by another standard known as the Web Trust principles.

02:55

Well, your organization makes use of self signed certificates

03:00

or any other keys that are used to connect devices such as an Internet of things

03:06

device deployment architectures.

03:08

This control would definitely be applicable to your organization,

03:14

so ensure that you have established and documented the appropriate controls