ENCRYPTION TECHNOLOGIES, POLICY FOR THE USE OF
The purpose of this policy is to provide guidance that limits the use of encryption to those
algorithms that have received substantial public review and have been proven to work effectively.
Additionally, this policy provides direction to ensure that Federal regulations are followed and legal
authority is granted for the dissemination and use of encryption technologies outside of the United
Proven, standard algorithms, as approved by the Chief Information Officer (CIO), should be used
as the basis for encryption technologies. These algorithms represent the actual cipher used for an
approved application. Asymmetric crypto-system keys must be of a length that yields equivalent
The use of proprietary encryption algorithms is not allowed for any purpose, unless reviewed by
qualified experts outside of the vendor in question and approved by the CIO. Be aware that the
export of encryption technologies is restricted by the U.S. Government. Residents of countries
other than the United States should make themselves aware of the encryption technology laws of
the country in which they reside.