ENCRYPTION TECHNOLOGIES, POLICY FOR THE USE OF

The purpose of this policy is to provide guidance that limits the use of encryption to those

algorithms that have received substantial public review and have been proven to work effectively.

Additionally, this policy provides direction to ensure that Federal regulations are followed and legal

authority is granted for the dissemination and use of encryption technologies outside of the United

States.

Proven, standard algorithms, as approved by the Chief Information Officer (CIO), should be used

as the basis for encryption technologies. These algorithms represent the actual cipher used for an

approved application. Asymmetric crypto-system keys must be of a length that yields equivalent

strength.

The use of proprietary encryption algorithms is not allowed for any purpose, unless reviewed by

qualified experts outside of the vendor in question and approved by the CIO. Be aware that the

export of encryption technologies is restricted by the U.S. Government. Residents of countries

other than the United States should make themselves aware of the encryption technology laws of

the country in which they reside.