MINIMUM ENCRYPTION STANDARDS
1. Data which is encrypted/decrypted and stored on Longwood-owned computer systems should have:
· Symmetric cryptosystem key lengths that must be at least 128 bits
· Asymmetric cryptosystem keys that must be of a length that yields equivalent strength
2. Data which is encrypted/decrypted by Longwood-owned computers for transmission should use:
· Web server certificates and web servers which support SSLv3/TLSv1 in strong encryption mode (128-bit or higher symmetric/bulk encryption, 1024-bit or higher public key encryption)
· For public facing resources: Certificates must be issued by a trusted certificate authority as approved by the Chief Information Officer.
· For non-public facing resources: Self-signed certificates may only be used for the purpose of managing such resources.
· SSL to wrap any cleartext protocol/service not encrypted via another method
· SSH 2
· Kerberos
· PCAnywhere
· PGP
· Terminal Services
· EAP, IPSec
Approved by the Chief Information Officer, April 1, 2005.
Revised and approved by the Chief Information Officer, September 15, 2006.
Revised and approved by the Chief Information Officer, July 29, 2008.