Encryption Policy


The Encryption Policy of Netspective Communications LLC defines the requirements for using cryptographic controls and keys to protect information confidentiality, integrity, authenticity, and nonrepudiation. The policy applies to all information, systems, equipment, and facilities within the scope of Netspective Communications LLC’s information security program. All employees, contractors, part-time and temporary workers, service providers, and those employed by others to perform work on behalf of Netspective Communications LLC must comply with this policy when dealing with cryptographic systems, algorithms, or keying material.

Netspective Communications LLC must protect individual systems or information by means of cryptographic controls as defined in the table below.

| Name of System/Type of Information | Cryptographic Tool | Encryption Algorithm | Key Size |
| --- | --- | --- | --- |
| Public Key Infrastructure for Authentication | OpenSSL | AES-256 | 256-bit Key |
| Data Encryption Keys | OpenSSL | AES-256 | 256-bit Key |
| Virtual Private Network (VPN) Keys | OpenSSL and OpenVPN | AES-256 | 256-bit Key |
| Website SSL Certificate | OpenSSL, CERT | AES-256 | 256-bit Key |

Table: Cryptographic Controls

  1. The owners must manage keys in Netspective Communications LLC, except where otherwise stated. [FII-SCF-008-CRY-09]

  2. At Netspective Communications LLC, protecting cryptographic keys against loss, change, or destruction requires applying appropriate access control mechanisms to prevent unauthorized use and regularly backing up keys. [FII-SCF-008-CRY-01]

  3. Netspective Communications LLC must perform key management actively, using software that automatically manages access control, secure storage, backup, and rotation of keys. [FII-SCF-008-CRY-01]

  4. Netspective Communications LLC’s key management service must grant key access to specifically designated users, who should have the ability to encrypt/decrypt the information and generate data encryption keys. [FII-SCF-008-CRY-05]

  5. Netspective Communications LLC’s key management service must grant key administration access to specifically designated users, who should be able to create, schedule, delete, enable/disable rotation, and set usage policies for keys. [FII-SCF-008-CRY-01]

  6. Netspective Communications LLC’s key management service must actively rotate keys at least once every 12 months. [FII-SCF-008-CRY-01]


Approved by Ajay Kumaran Nair on August 24, 2023

Last updated by Sreejith K on August 24, 2023