Cyber Security Policy Manual

E NCRYPTION P OLICY

P URPOSE The purpose of this policy is to define the encryption standards and provide guidance on the use of encryption technologies to protect the confidentiality and integrity of information being processed by, transmitted through, and stored on City of Greensboro’s systems and applications. S COPE This policy applies to: 1) All Information Technology assets owned and operated by the City of Greensboro. 2) All employees, contractors and consultants.

D EFINITIONS AES

Advanced Encryption Standards - specification for encrypting data established by National Institute of Standards and Technology (NIST) Secure Hash Algorithm – a hashing function used to mask confidential information in systems and applications. The SHA specification was established by National Institute of Standards and Technology (NIST) Secure Socket Layer - a standard security technology for establishing an encrypted link between a server and a client The key length (measured in bits) of the key used in a cryptographic algorithm. A 256-bit key length is extremely difficult to crack The type of information that if lost or stolen could severely impact the City of Greensboro and its residents. Examples include personal health information, bank account numbers, passwords, personally identifiable information and credit card information

SHA

SSL

256-bit

Confidential Information

R OLES AND RESPONSIBILITIES Function

Responsibility

Cyber Security & Compliance Officer Define data encryption standards to protect City’s confidential information Cyber Security Analyst Monitor systems and applications to ensure compliance to data encryption standards IT Administrators Encrypt data at rest and in transmit according to the standards defined in this policy

Cyber Security Policy Manual

20