IT Baseline Protection Manual S 2.166 Provisions governing the use of crypto modules
Initiation responsibility: IT Security Management
Implementation responsibility: IT Security Management
A range of security requirements on the use of crypto modules also has to be imposed in the course of ongoing operation. These must be appropriately integrated into the technical and organisational environment in which they are used.
To achieve this, certain organisational regulations have to be put in place:
Certain members of staff must be nominated as having responsibility for drawing up the cryptographic concept, for selecting the cryptographic products and for ensuring their reliable operation.
Suitable personnel measures must be specified and implemented (training, user support, deputisation arrangements, obligations, apportioning of functions).
Users should not only be trained in how to handle the crypto modules that they are to operate, they should also be made aware of the benefit and the necessity of the cryptographic procedures and be given an overview of basic cryptographic terms (see also S 3.23).
There must be a clear definition of what needs to be done if problems occur in the use of crypto modules, or if there is even a suspicion of a security incident. All users must be informed of the relevant procedures and reporting channels.
Within the framework of the cryptographic concept it must be established who is obliged or allowed to use which crypto products when, and what marginal conditions need to be observed (e.g. key escrow).
There should be regular checks that the crypto modules are being used correctly. It should also be regularly examined whether the cryptographic procedures in use still represent the state of the art (for further details see also S 2.35 Obtaining information on security weaknesses of the system).
Replacement crypto modules should be held in reserve in accordance with the defined availability requirements, in order to guarantee smooth operation. This is important in particular where access to encrypted data is dependent on the functional capability of an individual crypto module, for example in the case of data archiving or ISDN encryption.
Reliable, secure operation of the crypto modules must be ensured; this includes:
Before they are put into operation, the optimum configuration of the crypto modules must be determined, for example regarding key lengths, operating modes or crypto algorithms.
Once defined, the configuration must be documented so that it can be set up again quickly after a system failure or if reinstallation becomes necessary.
The crypto products must be pre-configured by the administrator for the users so as to automatically achieve the maximum possible degree of security.
If the crypto products are relatively complex, suitable manuals must be available.
The crypto modules must be securely installed and subsequently tested (for example whether they encrypt correctly and whether they can be operated by the users).
The demands on the usage environment must be determined; if necessary, supplementary measures may have to be taken in the IT environment. The security-related requirements applicable to the IT systems on which the cryptographic procedures are used are shown in the respective system-specific modules, for example Chapter 5 for clients (including laptops) and Chapter 6 for servers.
It must be determined who has to maintain the crypto modules, and how often.
Various specifications also have to be laid down in relation to key management (see S 2.46 Appropriate key management):
Specifications on the generation and selection of keys
Specifications on the secure storage of cryptographic keys
Stipulation of the key change strategy and intervals
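The following Python script is an added illustration of how the operational points above can be made checkable rather than left as prose: a documented target configuration (key lengths, operating modes, algorithms) that a module's actual settings are compared against before it is put into operation, a known-answer self-test that confirms the module computes correctly after installation, and a key-age check that applies the stipulated key change interval. It is not part of the IT Baseline Protection Manual and uses no BSI values; the baseline policy, the configuration records and the 365-day interval are constructed for the example. Because the Python standard library ships no block cipher, the self-test uses HMAC-SHA256 against the published RFC 4231 test vector in place of an encryption test.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed baseline standing in for the documented target configuration
# that the cryptographic concept would fix for a module (assumption: these
# values are illustrative, not taken from the manual or any product).
BASELINE = {
    # algorithm name -> minimum key length in bits
    "allowed_algorithms": {"AES": 128, "HMAC-SHA256": 256},
    # algorithm name -> operating modes that may be configured
    "allowed_modes": {"AES": {"GCM", "CBC"}},
    # stipulated key change interval
    "max_key_age_days": 365,
}


def check_configuration(config, baseline=BASELINE):
    """Compare one module's configuration record against the baseline.

    Returns a list of human-readable deviations; an empty list means the
    module is configured as documented and may be put into operation.
    """
    findings = []
    alg = config.get("algorithm")
    if alg not in baseline["allowed_algorithms"]:
        findings.append(f"algorithm {alg!r} is not in the allowed set")
        return findings  # further checks are meaningless for an unknown algorithm
    min_bits = baseline["allowed_algorithms"][alg]
    key_bits = config.get("key_bits", 0)
    if key_bits < min_bits:
        findings.append(f"key length {key_bits} bits is below the minimum {min_bits} for {alg}")
    allowed_modes = baseline["allowed_modes"].get(alg)
    if allowed_modes is not None and config.get("mode") not in allowed_modes:
        findings.append(f"operating mode {config.get('mode')!r} is not allowed for {alg}")
    return findings


def key_change_due(key_created, today, max_key_age_days=BASELINE["max_key_age_days"]):
    """True once a key has reached the stipulated change interval."""
    return today - key_created >= timedelta(days=max_key_age_days)


# Known-answer test vector: RFC 4231, test case 1 (HMAC-SHA-256).
RFC4231_CASE1 = {
    "key": bytes([0x0B] * 20),
    "data": b"Hi There",
    "expected": "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7",
}


def self_test_hmac_sha256():
    """Post-installation self-test: does the primitive produce the published answer?"""
    mac = hmac.new(RFC4231_CASE1["key"], RFC4231_CASE1["data"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, RFC4231_CASE1["expected"])


def commissioning_report(config, key_created, today):
    """Bundle the three checks into one record for the operating documentation."""
    return {
        "configuration_deviations": check_configuration(config),
        "self_test_passed": self_test_hmac_sha256(),
        "key_change_due": key_change_due(key_created, today),
    }


if __name__ == "__main__":
    # Constructed configuration records for two modules.
    compliant = {"algorithm": "AES", "key_bits": 256, "mode": "GCM"}
    weak = {"algorithm": "AES", "key_bits": 64, "mode": "ECB"}
    for name, cfg in (("module-A", compliant), ("module-B", weak)):
        print(name, commissioning_report(cfg, date(2023, 1, 1), date(2024, 1, 1)))
```

Running the report for each module before it goes live, and again at the regular checks called for above, gives a repeatable record of whether the documented configuration is still in force, whether the module still computes correctly, and whether the key change interval has been reached.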
Additional controls:
Have regulations been defined for the use of cryptographic procedures?
Is the crypto concept up to date?
Who is responsible for answering users' queries concerning the use of crypto modules?