18.5: Use only Standardized and Extensively Reviewed Encryption Algorithms
Use only standardized, currently accepted, and extensively reviewed encryption algorithms.
Asset Type | Security Function | Implementation Groups |
---|---|---|
N/A | N/A | 2, 3 |
Dependencies
None
Inputs
1. List of encryption algorithms used by the organization.
2. Authoritative source that identifies which encryption algorithms are standardized, currently accepted, and extensively reviewed.
Operations
- For each encryption algorithm in Input 1, check Input 2 to see if that encryption algorithm is standardized, currently accepted, and extensively reviewed.
  - Create a list of the encryption algorithms that meet all of these criteria (M1).
  - Create a list of the encryption algorithms that do not meet all of these criteria (M2).
Measures
M1 = List of encryption algorithms used by the organization that are standardized, currently accepted, and extensively reviewed (compliant list)
M2 = List of encryption algorithms used by the organization that do not meet these criteria (non-compliant list)
M3 = Count of encryption algorithms used by the organization that are standardized, currently accepted, and extensively reviewed (count of M1)
M4 = Total count of encryption algorithms used by the organization (count of Input 1)
Metrics
Coverage
Metric | The ratio of encryption algorithms used by the organization that are standardized, currently accepted, and extensively reviewed |
---|---|
Calculation | |
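The Operations step and the four measures above, worked as an added Python example (not part of the CIS specification). The approved set, the alias table and the inventory are constructed samples, and computing coverage as M3 / M4 is an assumption, since the Calculation cell is empty on this page.

```python
import re

# Constructed stand-in for Input 2. Replace with the list published by the
# authoritative source the organization has selected.
APPROVED_FAMILIES = {"AES", "CHACHA20"}

# Assumed alias table: local spellings mapped to one family name.
ALIASES = {"RIJNDAEL": "AES", "TRIPLEDES": "3DES", "TDEA": "3DES", "ARCFOUR": "RC4"}


def family(entry):
    """Reduce an inventory entry such as 'aes-256-gcm' to its cipher family."""
    token = re.split(r"[-_/\s]+", entry.strip().upper())[0]
    token = re.sub(r"(128|192|256)$", "", token)  # AES256 -> AES; RC4 unchanged
    return ALIASES.get(token, token)


def assess(inventory, approved=APPROVED_FAMILIES):
    """Apply the Operations step to Input 1 and return M1-M4 plus coverage."""
    seen, m1, m2 = set(), [], []
    for entry in inventory:
        key = entry.strip().upper()
        if not key or key in seen:  # assumption: a repeated entry counts once
            continue
        seen.add(key)
        (m1 if family(entry) in approved else m2).append(entry.strip())
    m3, m4 = len(m1), len(m1) + len(m2)
    # Assumption: coverage is M3 / M4; undefined (None) for an empty inventory.
    coverage = m3 / m4 if m4 else None
    return {"M1": m1, "M2": m2, "M3": m3, "M4": m4, "coverage": coverage}


# Constructed sample of Input 1, as it might be collected from several teams.
SAMPLE_INVENTORY = [
    "AES-256-GCM", "aes128-cbc", "ChaCha20-Poly1305", "3DES", "TripleDES-CBC",
    "RC4", "arcfour", "DES", "XORCRYPT-v2", "aes-256-gcm",
]

if __name__ == "__main__":
    result = assess(SAMPLE_INVENTORY)
    for name in ("M1", "M2", "M3", "M4", "coverage"):
        print(name, "=", result[name])
```

Entries that match neither the approved set nor an alias land in M2, so an unrecognized or home-grown name is reported as non-compliant rather than silently passed.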