CONTENT

1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. REQUIRED USE OF ENCRYPTION
4. DATA AT REST
4.1 COMPANY LAPTOPS AND WORKSTATIONS
4.2 COMPANY MOBILE DEVICES AND PHONES
4.3 REMOVABLE STORAGE
5. DATA ENCRYPTION IN TRANSIT
5.1 WAN
5.2 WIRELESS NETWORK
5.3 VPN
5.4 APPLICATION PORTALS
5.5 REMOTE DESKTOP
5.6 EMAIL
6. KEY MANAGEMENT
6.1 KEY GENERATION
6.2 KEY PROTECTION
6.3 DISTRIBUTION
6.4 STORAGE
6.5 USAGE PERIODS, ROTATION AND ARCHIVAL
6.6 UPDATING AND RENEWAL
6.7 RETRIEVAL AND REVOCATION
6.8 BACKUP AND RECOVERY
6.9 RETIREMENT
6.10 DESTRUCTION
7. EXCEPTIONS
8. FINAL CONSIDERATIONS
8.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
8.2 DOCUMENT REVISION

Pages: 12