CRY-01.01B

1. Overview

CRY-01.01B

Policies and procedures with technical safeguards for cryptographic mechanisms are documented, communicated and provided according to SP-01, describing the following aspects:

1. Usage of encryption procedures and secure network protocols that correspond to the state of the art;
2. Usage of hash functions and salt values that both correspond to the state of the art;
3. Usage of signature schemes that correspond to the state of the art;
4. Risk-based provisions for the use of encryption and authentication which are aligned with the information classification schemes (cf. AM-09) and consider the communication channel, type, strength and quality of the encryption;
5. Requirements for the secure generation, storage, archiving, retrieval, distribution, withdrawal, backup, restoration and deletion of the keys;
6. Requirements for the rotation of cryptographic keys that follow industry best practices and consider the potential risk of information exposure;
7. Consideration of relevant legal and regulatory obligations and requirements;
8. Documentation of a change management process for managing changes to cryptographic, encryption, authentication and key management technology; and
9. Consideration of crypto-agility to allow for efficient substitution of implemented cryptographic mechanisms during their intended lifetimes.


The following Technical Guidelines (in the version valid at the time) provide recommendations and key lengths for state-of-the-art cryptographic mechanisms:

1. BSI TR-02102-1 Cryptographic Mechanisms: Recommendations and Key Lengths;
2. BSI TR-02102-2 Cryptographic Mechanisms: Recommendations and Key Lengths – Use of Transport Layer Security (TLS);
3. BSI TR-02102-3 Cryptographic Mechanisms: Recommendations and Key Lengths – Use of Internet Protocol Security (IPsec) and Internet Key Exchange (IKEv2); and
4. BSI TR-02102-4 Cryptographic Mechanisms: Recommendations and Key Lengths – Use of Secure Shell (SSH).

A change management process in the sense of the basic criterion can either be covered by the standard change management process described in DEV-03 or can be implemented as a separate process.

Crypto-agility refers to the ability to change the cryptographic mechanisms in use, or their implementation, e.g. so that a transition to larger key lengths and stronger cryptographic mechanisms is possible without redesigning the system. For further information, please refer to BSI TR-02102-1.
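As an added illustration of items 2 and 6 above and of the crypto-agility requirement (example code written for this page, not part of the C5 criterion or of any BSI Technical Guideline), the following Python module stores password hashes in a versioned record that names the scheme used. The scheme identifiers `v1`/`v2`, the record layout, the iteration counts, salt and key lengths, and the function names (`hash_password`, `verify_password`, `needs_rehash`, `verify_and_upgrade`) are all assumptions chosen for the example; take actual parameters from the current BSI TR-02102-1. Keeping retired schemes in the registry lets existing records still be verified, while `verify_and_upgrade` re-hashes them under the current scheme at the next successful login, so a transition to a stronger hash function or work factor needs no bulk re-enrolment.

```python
"""Crypto-agile, salted password hashing using only the Python standard library.

Added example for illustration; not from the C5 catalogue or BSI TR-02102.
Scheme names, iteration counts, salt/key lengths and the record layout are
assumptions made for this example, not recommended parameters.
"""
import base64
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Scheme:
    name: str          # identifier written into every record (assumed naming)
    digest: str        # hash function handed to PBKDF2-HMAC
    iterations: int    # work factor (assumed value for the example)
    salt_len: int      # bytes of random salt per record
    dk_len: int        # derived-key length in bytes

    def derive(self, password: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac(self.digest, password, salt,
                                   self.iterations, self.dk_len)


# Every scheme that may still occur in stored records. Retired schemes stay
# registered so that old records remain verifiable until they are upgraded.
SCHEMES = {
    "v1": Scheme("v1", "sha256", 100_000, 16, 32),   # retired
    "v2": Scheme("v2", "sha512", 210_000, 16, 64),   # current
}
CURRENT = "v2"


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hash_password(password: str, scheme: str = CURRENT,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: $<scheme>$<salt>$<derived key>.

    A fresh random salt is drawn per record unless one is supplied (the
    explicit salt parameter exists only to make the example reproducible)."""
    s = SCHEMES[scheme]
    if salt is None:
        salt = secrets.token_bytes(s.salt_len)
    dk = s.derive(password.encode("utf-8"), salt)
    return f"${s.name}${_b64(salt)}${_b64(dk)}"


def _parse(record: str) -> Tuple[Scheme, bytes, bytes]:
    try:
        _, name, salt_b64, dk_b64 = record.split("$")
        scheme = SCHEMES[name]
    except (ValueError, KeyError) as exc:
        raise ValueError("unknown or malformed password record") from exc
    return scheme, base64.b64decode(salt_b64), base64.b64decode(dk_b64)


def verify_password(password: str, record: str) -> bool:
    """Recompute with the scheme named in the record; compare in constant time."""
    scheme, salt, expected = _parse(record)
    actual = scheme.derive(password.encode("utf-8"), salt)
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str) -> bool:
    """True if the record was produced under anything but the current scheme."""
    return _parse(record)[0].name != CURRENT


def verify_and_upgrade(password: str, record: str) -> Tuple[bool, str]:
    """Login path: on success, transparently migrate retired records to the
    current scheme. The caller persists the returned record if it changed."""
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record):
        return True, hash_password(password)
    return True, record


if __name__ == "__main__":
    old = hash_password("correct horse battery staple", scheme="v1")
    ok, new = verify_and_upgrade("correct horse battery staple", old)
    print(ok, old[:4], "->", new[:4])
```

Retiring a scheme is then a two-step change-management task: first move `CURRENT` to the new entry (records migrate lazily on login), and only once no `v1` records remain in storage delete the `v1` entry so that the code can no longer produce or accept it.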