ISO/IEC 27001 and Cryptography
ISO/IEC 27001 includes specific controls related to cryptography under Annex A:
- A.10 Cryptographic Controls:
  - Defines policies for the use of cryptographic algorithms and key management.
  - Recommends encryption for protecting sensitive information and ensuring confidentiality.
- A.14 Security in Development:
  - Cryptographic standards must be followed during the design and development of systems.
- A.18 Compliance:
  - Ensures cryptographic practices align with regulatory requirements.
Organizations adopting ISO/IEC 27001 must establish clear policies for cryptographic implementations, including algorithm selection and key management.