POL00362910
POL00362910
Post Office Limited - Document Classification: CONFIDENTIAL
@
Cyber Security Standard
Encryption Standard
Version — V3.2
INTERNAL Page 1 of 15 Encryption Standard
v3.2
POL00362910
POL00362910
Post Office Limited - Document Classification: CONFIDENTIAL
®
Do OVEPVIOW 20. cee cceeeeseeeeeceneensseneeenenennescuneeeesesnnesseeseceeansnssaaeeeeessessscuaceeeeeseseteeeeaees 3
1.1. Introduction by the Standard OWNED .........:ccccsceseeeeeeseeeeeeeseesseeuueeuueeeeeeeereeeees 3
1.2 PUPPOSE oo... ceecesececeeseeeesseeeseneeeeeeeeeeeeeeeeseeesssaaeeneeeeesseeeeeeeseeeseseusaaansenseeseeees 3
1.3. Core Principles.
1.4 Application.
2 Policy Framework
2.1. Policy Framework
2.2 Who must comply?
3
4 Cryptographic Provision Guidance .........cccccceeeeeeeeeeeeseeeeessueeeesueeeeseueeesseeeeeseeeeeuene 9
4.1 Public Key Infrastructure........cccccceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeaeeeeeaeeeeeaaeeeeeeesenaeees 9
4.2 Risk-based ASSESSMENES ........ssseeesseeeeseeeseteeestteeeeteeesnteeessieeesnseeestaeeeeneneeens 10
4.3 Key Management ........ccccssssssessesseesseeeeeeeceessseaesaneneesseeeseeeseeeseessaeeeeaaeenense® 10
4.4 Compromise of Cryptographic Material ............:::sseeseeseeeeeeeeeeeseeesseeeeneeeeeene® 11
4.5 PCI-DSS
5 Minimum Requirements
6 Where to go for help.
6.1 Additional Policies .
6.2 HOW to raise A CONCEFN oo... eee eect eeeete eee e eee eee e eee etntnee eee e eet nntteeeeeeeee ene 14
6.3 Who to contact for more information ...........c::cceeee eee eee eee e eee 14
7 Version Control & APproval.......ccccceseeecseeeeeeeeeeeeseeeeeeeeeeeeauesesaaeeessunesesaeeseennesenen 15
7.1L VOrsION CONTIOL....sccssscsessscensessenssceesssscessseensessensessassassanenssassssarestsesassesans 15
7.2 Standard Approval ..........ccsssseseeseeeeeeeeeeeeeeeesseseeeeeeeeeeeeeeeeeeeeeesaeeneeeeeeseeeees 15
INTERNAL Page 2 of 15 Encryption Standard
v3.2
POL00362910
POL00362910
Post Office Limited - Document Classification: CONFIDENTIAL
1 Overview
1.1 Introduction by the Standard Owner
Post Office is committed to protecting its employees, customers, Third Party Supply Chain
and information assets from damaging or illegal actions by individuals, either knowingly
or unknowingly. Post Office enables this through the development and deployment of
policies, standards and guidelines which are aligned to international best practices.
Effective cyber and information security is a team effort involving everyone in Post Office.
1.2 Purpose
The purpose of this document is to state a minimum security baseline to ensure encryption
controls are applied, where appropriate. This must incorporate effective key management
controls and practices to ensure strong key lifecycle management controls vital to guarding
against key compromise.
The objective of this standard is to ensure:
e Technical and procedural standards are defined for the safe, efficient and effective
deployment of cryptographic services in support of business objectives.
« The use of encryption keys does not expose Post Office to crypto-analysis or brute
force key cracking to compromise the data.
« Stored encrypted data can be retrieved and decrypted even if the ordinary method
of decrypting data is not possible.
e The distribution of keys to known entities that are authorised to access the
encrypted data is controlled and managed.
To ensure compliance to the business requirements, and items which are subject to legal
and regulatory related encryption requirements, specific control requirements for the
handling of Payment Card Industry - Data Security Standard (PCI-DSS), Data Protection
Act 2018 and Government data must be included.
The following requirements will be implemented, where appropriate:
e Encryption for transmission, (data-in-motion).
e Encryption for storage, (data-at-rest).
Encryption solutions will be subject to approval by IT Security and must be fully
documented when applied to any Post Office managed service.
1.3 Core Principles
To ensure appropriate use and management of encryption controls, (e.g. preserve the
integrity of sensitive information and confirm the identity of the originator of
transactions or communications).
To work towards meeting this objective it is essential that the following actions are
performed:
e Aset of business requirements must be gathered and documented.
e <Asecurity assessment by IT Security must be performed and documented.
INTERNAL Page 3 of 15 Encryption Standard
v3.2
POL00362910
POL00362910
Post Office Limited - Document Classification: CONFIDENTIAL
« A Data Privacy Impact Assessment must be performed and documented.
Based on a review of the above outputs, determine if cryptographic controls are
required.
1.4 Application
This standard applies to any service provided to the Post office where Post Office data or
data processed by the Post Office on behalf of third parties is in transit or at rest.
INTERNAL Page 4 of 15 Encryption Standard
v3.2
POL00362910
POL00362910
Post Office Limited - Document Classification: CONFIDENTIAL
2 Policy Framework
2.1 Policy Framework
This standard forms part of the Cyber and Information Security Policy Set. This contains
controls that form part of the Information Technology Control Framework (ITCF) governed
by the overarching Post Office wide framework.
2.2 Who must comply?
Compliance with this standard is mandatory for all Post Office employees and applies
wherever in the world Post Offices business is undertaken. All third parties who do business
with Post Office, including consultants, suppliers and business and franchise partners, will
be required to agree contractually to this standard or have their own equivalent
standard/policy.
INTERNAL Page 5 of 15 Encryption Standard
v3.2
Post Office Limited - Document Classification: CONFIDENTIAL
3 Minimum Controls
POL00362910
POL00362910
The table below sets out the minimum control standards.
Control Ref Control Attestation Guidance
PHT0575 Manage the use of encryption I Employ only secure versions of cryptographic controls.
controls and cryptographic Establish, implement, and maintain an encryption management and
controls. cryptographic controls policy.
Establish, implement, and maintain cryptographic key management procedures.
Disseminate and communicate cryptographic key management procedures to
interested personnel and affected parties.
PHTO580 Recover encrypted data for The organization shall establish procedures for recovering damaged or lost
lost cryptographic keys, cryptographic keys
compromised cryptographic Cryptographic key management policy, standards and procedures covering key
keys, or damaged generation, distribution, installation, renewal, revocation, recovery and expiry
cryptographic keys. should be established
Maintain availability of information in the event of the loss of cryptographic keys
by users.
PHT0581 Generate strong Use approved random number generators for creating cryptographic keys.
cryptographic keys.
PHT0583 Implement decryption keys so I Decryption keys must not be tied to user accounts
that they are not linked to
user accounts.
PHT0584 Include the establishment of Policies and procedures shall be established, and supporting business processes
cryptographic keys in the and technical measures implemented, for the management of cryptographic keys
cryptographic key in the service's cryptosystem (e.g., lifecycle management from key generation to
management procedures. revocation and replacement, public key infrastructure)
PHT0585 Disseminate and The Key Management Plan should include how cryptographic keys are received
communicate cryptographic The Key Management Plan should include how the cryptographic keys are
keys securely. delivered
INTERNAL Page 6 of 15 Encryption Standard
3.22
Post Office Limited - Document Classification: CONFIDENTIAL
POL00362910
POL00362910
The Key Management Plan should include local, remote, and central
cryptographic key distribution.
PHTO586 Store cryptographic keys Restrict access to cryptographic keys.
securely. Store cryptographic keys in encrypted format.
Store key-encrypting keys and data-encrypting keys in different locations.
PHT0590 Change cryptographic keys, Procedures should include the process for changing cryptographic keys at the end
as necessary. of a defined cryptoperiod.
The organization must ensure the cryptographic key procedures include the
periodic changing of cryptographic keys. The keys should be changed at least
annually or whenever a key is suspected of or known to be compromised
PHT0591 Destroy cryptographic keys Procedures should include processes for archiving, destroying keys
promptly after the retention
period.
PHT0592 Control cryptographic keys The organization should implement segregation of duties, so one individual does
with split knowledge and dual I not have knowledge of the entire cryptographic key or access to the all parts that
control. make up the cryptographic key
PHT0593 Prevent the unauthorized The organization should implement techniques to detect when cryptographic keys
substitution of cryptographic are substituted
keys. The organization must ensure the cryptographic key procedures include the
procedures to prevent unauthorized cryptographic keys from being substituted for
the original key
PHT0594 Manage outdated Revoke old cryptographic keys or invalid cryptographic keys immediately.
cryptographic keys, Replace known or suspected compromised cryptographic keys immediately.
compromised cryptographic
keys, or revoked
cryptographic keys.
PHT0597 Require key custodians to Key-management procedures should be implemented to require key custodians to
sign the key custodian's roles I sign a form specifying that they understand and accept their key-custodian
and responsibilities. responsibilities.
PHT0598 Establish, implement, and Establish, implement, and maintain Public Key renewal or rekeying request
maintain Public Key certificate I procedures.
application procedures.
PHTO600 Use strong data encryption to I See Classification Standard
transmit restricted data or
INTERNAL Page 7 of 15 Encryption Standard
3.22
Post Office Limited - Document Classification: CONFIDENTIAL
POL00362910
POL00362910
restricted information, as Configure the encryption strength to be appropriate for the encryption
necessary. methodology of the cryptographic controls. This applies to both data in transit
and data at rest.
PHT0602 Encrypt traffic over public Information communicated between database servers and web applications is
networks with trusted encrypted.
cryptographic keys. The control system shall provide the capability to protect the confidentiality of
information traversing any zone boundary
PHT0603 Establish trusted paths to Protect application services information transmitted over a public network from
CTRLOO20609 transmit restricted data or unauthorized modification.
restricted information over Protect application services information transmitted over a public network from
public networks or wireless unauthorized disclosure.
networks. Protect application services information transmitted over a public network from
contract disputes.
Protect application services information transmitted over a public network from
fraudulent activity.
An assessment is performed to define:
- All network communication methods that require protection; and
- required encryption depending on types of content being transferred.
The assessment is aligned with POL’s Encryption Standard
All exceptions are appropriately managed e.g. remediation or included as part of
a residual risk assessment.
PHT0615 Disseminate and Establish a standard change management procedure, to accommodate changes
communicate any changes in_ I from internal and external sources, for review, approval, implementation and
the cryptosystem to communication of cryptographic, encryption and key management technology
interested personnel and changes
affected parties.
INTERNAL Page 8 of 15 Encryption Standard
3.22
Post Office Limited - Document Classification: CONFIDENTIAL
4 Cryptographic Provision Guidance
POL00362910
POL00362910
Where cryptographic services are required, only approved cryptographic solutions (i.e.
tools, processes, algorithms, and key lengths) are to be used.
The approved algorithms can be found in section 5 Minimum Requirements.
There will be a documented cryptography security and key lifecycle management solution
that will consist of, at a minimum, the following:
4.1
Effective security governance arrangements of cryptographic controls, when used
to reduce information risk and securing of data.
Operation of the service with a view to good industry standard security practices,
ensuring operational management processes and procedures (i.e. cryptographic
keys and digital certificates) used by the technologies.
Safeguard encryption keys with at least one, if not all, of the following options:
o Encryption key files within an encryption key management system.
o Encryption key files with a trusted third party through an agreed escrow
service.
Roles and responsibilities are clearly defined and individuals with the required
expertise fulfil each role.
Policies, processes, procedures and implementation mechanisms must be in place
for encrypting sensitive information when required for:
o Data-at-rest (e.g. information systems, application, databases and
endpoints).
o Data-in-motion (e.g. system interfaces, electronic messaging, and
untrusted networks).
o Integrity.
o Non-repudiation.
Digital certificates deployed comply with the X.509 standard.
Strong cryptographic and security protocols are regularly reviewed to identify any
risks or vulnerabilities.
Public Key Infrastructure
A documented process for managing cryptographic keys must be established which
includes the following:
Generation of cryptographic keys using industry recommended key lengths (see
section 4 ‘Minimum Requirements’ for further details).
Secure distribution, activation, storage, recovery and replacement/update of
cryptographic keys.
Immediate revocation (deactivation) of cryptographic keys (e.g. if a key is
compromised, or a key owner changes job or leaves the Post Office). Management
of cryptographic keys that may have been compromised, such as by disclosure to
an external party.
Recovery of cryptographic keys that are lost, corrupted or have expired.
Backup/archive of cryptographic keys and the maintenance of cryptographic key
history (e.g. to allow access to backed up or archived information).
Allocation of defined activation/de-activation dates.
Restriction of access to cryptographic keys to authorised individuals.
INTERNAL Page 9 of 15 Encryption Standard
3.22
POL00362910
POL00362910
Post Office Limited - Document Classification: CONFIDENTIAL
e The encryption solution should not allow for or accept substitution of keys coming
from unauthorized sources or unexpected processes
e Sharing of cryptographic keys (e.g. using split key generation) required for
protecting sensitive information and critical systems.
e Actions to be taken in the event of loss or compromise of the public key
infrastructure.
e Establishment of a root Certification Authority (CA) and one or more subsidiary CAs
(sub-CAs). Use of Post Office root CA to sign sub-CA’s, which will be used to
produce operational cryptographic material.
e Methods of protecting important internal CAs (and related sub-CAs).
e Integration of the public key infrastructure with business applications and technical
infrastructure that will use it.
e Establishment of one or more Registration Authorities (RAs).
4.2 Risk-based Assessments
The selection and implementation of a cryptographic solution must take into account the
following:
e Assessing the risks (including legal risks) associated with using cryptographic
solutions (including encryption algorithms).
e Identifying legal obligations (for relevant jurisdictions).
e Identify the data types (e.g. PCI-DSS, client, customer, business, HR data etc.).
e Identify data that is hosted and communicated (e.g. at-rest and/or in-motion).
IT Security are responsible for:
e Approving the use of cryptographic solutions.
e Approving the assignment of responsibilities for cryptographic solutions.
« Providing advice regarding conflicting laws and regulations (including dealing with
license issues) relating to the use of encryption (cryptographic solutions) in
different jurisdictions.
e Reviewing compliance and providing input into the requirements to ensure the
technology supports future capabilities.
4.3 Key Management
Ensure that the security of the encrypted data by the cryptographic scheme cannot be
undermined by malicious intent directed at the key management process, protecting
access to the keys in storage that could be used to compromise trust in the cryptographic
scheme.
Key management should address the following stages of the lifecycle:
Key generation
Key registration
Key storage
Key distribution and installation
Key use
Key rotation
Key backup
Key recovery
Key revocation
INTERNAL Page 10 of 15 Encryption Standard
3.22
POL00362910
POL00362910
Post Office Limited - Document Classification: CONFIDENTIAL
e Key suspension
e Key destruction
4.4 Compromise of Cryptographic Material
The Post Office must be informed of any known breach or compromise of a cryptographic
key or certificate as this is classed as a potential Security Incident. All Security Incidents
must to be reported using the agreed Incident Management Process, which will be
managed in accordance with contractual obligations.
In order to contain any potential impact to the integrity and confidentiality of Post Office
data, all compromised cryptographic keys or certificates may need to be revoked and
replaced, subject to completion of evidence gathering as part of any forensic investigation.
4.5 PCI-DSS
All payment cardholder data in scope for PCI-DSS must be encrypted in accordance with
the current PCI-DSS standards
INTERNAL Page 11 of 15 Encryption Standard
3.22
Post Office Limited - Document Classification: CONFIDENTIAL
5 Minimum Requirements
POL00362910
POL00362910
Not all combinations of algorithms and key sizes are appropriate. To enhance
interoperability obtain authentication, signature, and key establishment certificates with
complementary algorithms for all public keys.
The following table shows the minimum requirements for various cryptographic uses:
Hash function summary
Primitive Output Length Recommendation
Legacy Future
SHA-2 256, 384, 512 v v
SHA-3 256, 384, 512 v v
Whirlpool 512 v v
SHA-2 224 v
RIPEMD-160 160 v
SHA-1 160 v
MD-5 128
RIPEMD-128 128 x
Recommended Algorithms and Key Sizes
Legacy Recommendation
Legacy Future
AES Symmetric Key Size 80 128 256
Please note - Symmetric key encryption is subject to key search attacks, (e.g. brute force attacks). To minimize the risk of
key search attacks,
INTERNAL
longer key lengths decrease the possibility of successful attacks.
Key Type
Algorithms and Key Sizes
Digital Signature keys used for
authentication (for User or Devices)
RSA (2048 bits)
ECDSA (Curve P-256)
Digital Signature keys used for non-
repudiation (for User or Devices)
RSA (2048 bits)
ECDSA (Curve P-256 or P-384)
CA and OCSP Responder Signing
Keys
RSA (2048 bits or 3072 bits)
ECDSA (Curve P-256 or P-384)
Key Establishment Keys (for Users
or Devices)
RSA (2048 bits)
Diffie-Hellman (2048 bits)
ECDSA (Curve P-256 or P-384)
Page 12 of 15
Encryption Standard
3.22
POL00362910
POL00362910
Post Office Limited - Document Classification: CONFIDENTIAL
The private keys of important internal CAs and related sub-CAs must be reviewed by IT
Security and should be protected by:
Storing them on approved hardware (e.g. a hardware storage module (HSM)), which is
subject to strong logical and physical controls.
Sharing them across two or more authorised individuals (often referred to as secret
splitting or key sharing) to avoid misuse of the CA (and related sub-CAs).
The following table shows the recommendations for CAs:
Digital Signature Recommendations for CAs and OCSP Responders.
Public Key Algorithms and Key I Hash Algorithms Padding Scheme
Sizes
RSA (2048 or 3072 bits) SHA-256 PKCS #1 v1.5
ECDSA (Curve P-256) SHA-256 N/A
ECDSA (Curve P-384) SHA-256 N/A
Recommendations Combinations for the Recommended Algorithms and Key.
Authentication Key Type Signature key Key Establishment
RSA 2048 RSA 2048 RSA 2048
RSA 2048 RSA 2048 Diffie-Hellman
2048
ECDSA P-256 ECDSA P-256 ECDH P-256
ECDSA P-256 ECDSA P-384 ECDH P-384
ECDSA P-384 ECDSA P-384 ECDH P-384
INTERNAL Page 13 of 15 Encryption Standard
3.22
POL00362910
POL00362910
Post Office Limited - Document Classification: CONFIDENTIAL
6 Where to go for help
6.1 Additional Policies
This standard is part of the Cyber Security Policy framework. The full set can be found at:
https://poluk.sharepoint.com/sites/cybersecurity2/SitePages/Cyber-and-Information-
Security-Policy-Set.aspx
6.2 How to raise a concern
Any Post Office employee who suspects something is wrong has a duty to:
e Discuss the matter fully with their Line Manager; or,
e Report their suspicions by contacting the Service Desk.
6.3 Who to contact for more information
If you need further information about this standard or wish to report an issue in relation
to this standard, please contact Cyber Security Team via cybe' i
INTERNAL Page 14 of 15 Encryption Standard
3.22
POL00362910
POL00362910
Post Office Limited - Document Classification: CONFIDENTIAL
7 Version Control & Approval
7.1 Version Control
Date Version Updated by Change Details
30/12/2016 1.0 IT Security Final version
15/03/2018 1. IT Security Changed to the new template for
policies
Changed to reflect the new Post
Office structure
Minor editorial changes at annual
review
23/05/2018 1.2 IT Security Updated post peer review
08/06/2018 2.0 IT Security Final Version
13/01/2020 2.1 IT Security Updated to include minimum controls
12/06/2020 2.1 Cyber Security Approved by ISC
28/07/2021 2.2 Cyber Compliance Final version submitted for approval
02/08/2021 3.0 Cyber Compliance Approved by ISC
23/11/2022 3.1 Cyber Compliance Updated to align with control
framework
25/04/2023 3.2 Cyber Compliance CSF Approval for publication
7.2 Standard Approval
Standard Owner:
Standard Author:
Approved by Owner:
Next review:
INTERNAL
Chief Information Security Officer
Ehtsham Ali
25/04/2023
25/04/2024
Page 15 of 15 Encryption Standard
3.22