Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-8-1

Cybersecurity Requirements For Cryptography Must Be Defined, Documented And Approved.
View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-8-2

The Cybersecurity Requirements For Cryptography Must Be Implemented.
View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-8-3

  1. The cybersecurity requirements for cryptography must include at least the requirements in the National Cryptographic Standards; published by NCA and each national entity is required to choose and implement the appropriate cryptographic standard level based on the nature and sensitivity of the data, systems and networks to be protected, and based on the risk assessment by the entity; and as per related laws and regulations; according to the following:
    1. Approved cryptographic systems and solutions standards and its technical and regulatory limitations.
    2. Secure management of cryptographic keys during their lifecycles.
    3. Encryption of data in-transit, at-rest, and while processing as per classification and related laws and regulations.
View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-8-4

The Cybersecurity Requirements For Cryptography Must Be Reviewed Periodically.
View Requirement