in this video. We will cover an understanding of control Sit 18
as well as its controls in any required documentation.
A 10 cryptography only contains one control set,
which is made up of two controls.
This is a 10.1 point 10 cryptographic controls,
and this is quite a short section.
The first control is a 10.1 point one,
which is the policy on the use of cryptographic controls,
which basically states that a policy policy should be established
on the use of cryptographic controls
for the protection of information.
The next control, a 10.1 point two,
This control stipulates
that a policy should be established
protection and lifetime
of cryptographic keys,
examples of documentation
that could be generated and used as evidence as part of the operation off. This clause
and its various controls
includes the cryptography policy
any other policies and guidelines which concerned algorithms and key lengths for encryption and authentication,
key management policies, guidelines and activities
as well. A system evidence off configuration and management there. Oh,
public key infrastructure information
such as your certificate, practice statement,
digital certificates themselves
or digital signatures
During this video, we covered the one control area that makes up Control State 18.
As we can see, this is quite a short section,
and the level of detail in this would depend on how much cryptography your organization is making. Use off.
If your organization has a full on public key infrastructure deployment,
where it is acting as a certificate authority
or a registration authority,
there would be far more controls that need to be implemented.
But these are governed by another standard known as the Web Trust principles.
Well, your organization makes use of self signed certificates
or any other keys that are used to connect devices such as an Internet of things
device deployment architectures.
This control would definitely be applicable to your organization,
so ensure that you have established and documented the appropriate controls
to manage cryptography effectively within your organization.