M5.2.6 - REGULATION CRYPTOGRAPHIC CONTROLS Implementation Guidance
The entity shall use cryptographic controls in compliance with all relevant legislations, regulations, and agreements.
Back to M5.2.6 - P2 - REGULATION CRYPTOGRAPHIC CONTROLS
The following items should be considered for compliance with the relevant legislations, regulations, and agreements:
- A. Restrictions on import and/or export of computer hardware and software for performing cryptographic functions
- B. Restrictions on import and/or export of computer hardware and software which is designed to have cryptographic functions added to it
- C. Restrictions on the usage of encryption
- D. Mandatory or discretionary methods of access by the countries’ authorities to information encrypted by hardware or software to provide confidentiality of content
Legal advice should be sought to ensure compliance with national laws and regulations. Before encrypted information or cryptographic controls are moved to another country, legal advice should also be taken.
