Acceptable Encryption Standard
1.0 Overview
This standard defines additional terms and procedures that are important for understanding the use of encryption.
2.0 Purpose
The purpose of this standard is to provide all users with the appropriate information to abide by the Acceptable Encryption Policy.
3.0 Scope
This standard applies to all Murray State University data, regardless of where it is stored.
4.0 Standard
Murray State University requires that certain sensitive data, as provided in the Information Sensitivity Policy, must be encrypted. To keep this information as safe as possible, Murray State University will use regulations from cryptology experts as a baseline on what we require for encryption. The current regulations according to the National Institute of Standards and Technology (NIST) are that all confidential data must be encrypted using the Advanced Encryption Standard (AES) encryption method. This is further stated in FIPS PUB 197. Murray State University also requires a minimum 128 bit key for sensitive data and recommends a higher 256 bit key for highly sensitive data. Murray State University reserves the right to modify this policy and the key length requirements as new encryption methods arise and NIST releases newer standards.
There are many programs and methods of encrypting data that meet the Murray State University policies and standards. Which program and method the user uses is completely up to his/her discretion but users are warned that use of encryption technology not listed in this standard may be ineffective for its intended purposes and may result in a violation of these Information System policies if sensitive information is ineffectively encrypted. Further, Information Systems is unable to provide support for any encryption technologies other than those listed in this standard.