{"id":1854,"date":"2024-08-19T18:07:46","date_gmt":"2024-08-19T18:07:46","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1854"},"modified":"2024-09-06T13:28:32","modified_gmt":"2024-09-06T13:28:32","slug":"sc-13-cryptographic-protection","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/system-and-communications-protection-sc\/sc-13-cryptographic-protection\/","title":{"rendered":"SC-13: Cryptographic Protection"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">SC-13: Cryptographic Protection<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: <\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By:<\/strong> &nbsp;07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>08\/08\/2024&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Tarleton State University (Tarleton) encryption requirements for information storage devices and data transmissions, as well as specific requirements for portable devices, removable media, and encryption key standards and management, shall be based on documented risk management decisions.&nbsp;<\/li>\n\n\n\n<li>Confidential data must be protected with appropriate encryption at all times, both at rest and in transit (see <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/risk-assessment-ra\/ra-2-security-categorization\/\">Control RA-2, Security Categorization<\/a>).\u00a0\n<ul class=\"wp-block-list\">\n<li>Confidential data must be encrypted if copied to, or stored on, a portable computing device, or removable media (see <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/media-protection-mp\/mp-7-media-use\/\">Control MP-7, Media Use<\/a>).\u00a0<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Tarleton data that is transmitted over a public network (i.e. the Internet) should be encrypted where feasible, especially data that is classified as university-internal, unless the information is designated as public information (see <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/system-and-communications-protection-sc\/sc-8-transmission-confidentiality-and-integrity\/\">Control SC-8, Transmission Confidentiality and Integrity<\/a>).\u00a0<\/li>\n\n\n\n<li>The minimum algorithm strength for protecting confidential data is a 128-bit encryption algorithm in accordance with Texas Department of Information Resources (DIR) Security Control Catalog requirements, also subject to state organization risk management decisions justified and documented in accordance with 1 Texas Administrative Code <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=21#:~:text=(c)%20The%20Information%20Security%20Officer%2C%20with%20the%20approval%20of%20the%20agency%20head%2C%20may%20issue%20exceptions%20to%20information%20security%20requirements%20or%20controls%20in%20this%20chapter.%20Any%20such%20exceptions%20shall%20be%20justified%2C%20documented%2C%20and%20communicated.\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.21(c)<\/a> and <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=71#:~:text=(c)%20The%20Information%20Security%20Officer%2C%20with%20the%20approval%20of%20the%20agency%20head%2C%20may%20issue%20exceptions%20to%20information%20security%20requirements%20or%20controls%20in%20this%20chapter.%20Any%20such%20exceptions%20shall%20be%20justified%2C%20documented%20and%20communicated.\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.71(c)<\/a> and 1 Texas Administrative Code <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=25\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.25<\/a> and <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=75\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.75<\/a>.&nbsp;\n<ul class=\"wp-block-list\">\n<li>Subject to documented risk management decisions, a unit may also choose to implement additional protections, including stronger encryption algorithms or key lengths.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=21#:~:text=(c)%20The%20Information%20Security%20Officer%2C%20with%20the%20approval%20of%20the%20agency%20head%2C%20may%20issue%20exceptions%20to%20information%20security%20requirements%20or%20controls%20in%20this%20chapter.%20Any%20such%20exceptions%20shall%20be%20justified%2C%20documented%2C%20and%20communicated.\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.21(c)<\/a>&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=71#:~:text=(c)%20The%20Information%20Security%20Officer%2C%20with%20the%20approval%20of%20the%20agency%20head%2C%20may%20issue%20exceptions%20to%20information%20security%20requirements%20or%20controls%20in%20this%20chapter.%20Any%20such%20exceptions%20shall%20be%20justified%2C%20documented%20and%20communicated.\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.71(c)<\/a>&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=25\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.25<\/a>&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=75\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.75<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SC-13: Cryptographic Protection NIST Baseline: Low&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;08\/08\/2024&nbsp; References\/Additional Resources 1 TAC \u00a7 202.21(c)&nbsp;&nbsp; 1 TAC \u00a7 202.71(c)&nbsp;&nbsp; 1 TAC \u00a7 202.25&nbsp;&nbsp; 1 TAC \u00a7 &#8230;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1979,"menu_order":5,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1854","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on August 19, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on August 19, 2024 6:07 pm","modified":"Updated on September 6, 2024 1:28 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1854","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1854"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1854\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1979"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}