QGEA long document 2016



Queensland Government Enterprise ArchitectureData Encryption FrameworkDRAFTAugust 2018V2.0.5 OFFICIAL (WHILE IN DRAFT)Document detailsSecurity classificationUNCLASSIFIED (WHILE IN DRAFT)Date of review of security classificationAugust 2018AuthorityQueensland Government Chief Information OfficerAuthorQueensland Government Chief Information OfficerDocumentation statusWorking draftConsultation releaseFinal versionContact for enquiries and proposed changesAll enquiries regarding this document should be directed in the first instance to:QGCIOcybersecurityunit@qgcio..auAcknowledgementsThis version of the Data encryption framework was developed and updated by Queensland Government Chief Information OfficerFeedback was also received from a number of agencies, which was greatly appreciated.CopyrightData encryption framework Copyright ? The State of Queensland (Department of Housing and Public Works) 2018LicenceCreative Commons Licence to be added to document prior to rmation securityThis document has been security classified using the Queensland Government Information Security Classification Framework (QGISCF) as OFFICIAL and will be managed according to the requirements of the QGISCF.Contents TOC \o "1-2" \h \z \u 1Introduction PAGEREF _Toc528154741 \h 41.1Purpose PAGEREF _Toc528154742 \h 41.2Scope PAGEREF _Toc528154743 \h 41.3Audience PAGEREF _Toc528154744 \h 52Background PAGEREF _Toc528154745 \h 53Implementation PAGEREF _Toc528154746 \h 53.1Overview of use PAGEREF _Toc528154747 \h 54Control sets PAGEREF _Toc528154748 \h 74.1Cryptographic algorithms PAGEREF _Toc528154749 \h 84.2Cryptographic protocols PAGEREF _Toc528154750 \h 94.3Encryption at rest PAGEREF _Toc528154751 \h 104.4Key management PAGEREF _Toc528154752 \h 115References PAGEREF _Toc528154753 \h 12A.1Required Controls PAGEREF _Toc528154754 \h 13A.2Control classification mapping PAGEREF _Toc528154755 \h 14Introduction PurposeThe Queensland Government uses a range of information and communications technology systems to process, store and transmit electronic data. The Queensland Government is responsible for ensuring it applies adequate security for this information.The Queensland Data Encryption Framework (QDEF) supersedes the Network Transmission Security Assurance Framework (NTSAF). References to the NTSAF in other QGEA documents should be taken to refer to the QDEF.The QDEF outlines the minimum requirements for encryption and management of encrypted, Queensland Government owned data (in use, in transit and, at rest). The QDEF is enforced by the Queensland Government Information Security Policy requirement 3: Agencies must meet minimum security requirements, with all information transmitted over data communication networks secured in line with the NTSAF.The QDEF corresponds to the ISO/IEC 27001:2013 control domain of cryptography (A.10). compliance with ISO27001 requires the development and implementation of policies on cryptographic controls and a policy on cryptographic key management.Requirements; Agencies must:Implement policy on the use of encryption, cryptographic controls, and key management.Implement controls at least equivalent to those outlined in the appendix A.1 “Required Controls” of the Queensland Government Data Encryption Framework. ScopeThis framework provides a direction and processes for choosing and implementing encryption for data-in-transit, data-in-use, and data-at-rest. The framework also sets the minimum required standard for encryption of Queensland Government data.National security By design this framework is not intended to apply to nationally security classified information. For information carrying a national security classification, the Australian Government’s manuals and policies must be applied directly. The Australian Government information security standards are not legally binding for Queensland Government agencies. However, the Queensland Government does have a Memorandum of Understanding on national security information handling in place with the Australian Government which establishes an intent to be consistent with Federal standards. This framework, along with other Queensland Government information security policies, frameworks and standards, is intended to align with and support, the Australian Government’s information security standards wherever practical, but should be taken as having precedence for Queensland Government agencies when dealing with non-nationally security classified information. Where an agency perceives a conflict exists between Queensland and Australian Government frameworks, this should be addressed directly with the Queensland Government Chief Information Office (QGCIO).AudienceThe QDEF is intended for use by network and security architects, project managers and those responsible for Queensland Government data and information. Third-Party service providers developing or providing systems and services that will be storing and managing data/information on behalf of the Queensland Government. Readers should be familiar with the concepts and workings of the QGISCF.BackgroundData can exist in various states or locations throughout its lifecycle. The following terms and definitions have been used within this document to describe the state or location of data:Data-at-rest: This refers to the stored location of data, be it on a storage device, server or other storage system. Data-in-transit: This refers to data that is currently being transmitted between locations. Data-in-use: This refers to data which is in use on a client device or session.The QDEF has been designed and written to replace the NTSAF. This document has changed from focusing primarily on the security of network transmission. It now covers the security of data and information in all its forms for the following reasons:to remove the minimum-security assurance levels applied to networking technologies encouraging agencies to independently risk assess technologies.to focus the document to the topics of encryption, cryptography, and key management, removing extraneous topics.to simplify implementation and understanding of the framework.no other industry standards or frameworks require controls to the same detail as the NTSAF on the topic of network transmission security.clearer mapping to the ISO/IEC 27001:2013 control domains to assist with implementation of agency ISMS’s.to align with the Australian Government’s minimum encryption control sets and support information sharing. expanding the scope of the framework to incorporate data in its various states. Implementation Overview of useThis framework is intended to be used to:assist agencies in developing and implementing policies on encryption, cryptographic controls, and key managementdetermine appropriate encryption requirements considering the security classification of information and dataensure that the risk of data security being breached is effectively reduced through the appropriate implementation of cryptographic controlsidentifying acceptable configurations and supplementary controls which must or should be applied to cryptographic algorithms and protocols when being implementedeach of the above (1, 2, and 3) are explained in more detail in the following sections. Item 4 is further discussed in the control set sections “Cryptographic algorithms” and “Cryptographic protocols”.Assist agencies in developing and implementing policies on encryption, cryptographic controls, and key management In order to comply with ISO27001, agencies must develop and implement a policy on the use of cryptographic controls for the protection of information. The QDEF should be used as a basis for department and agency policies regarding encryption, cryptographic controls, and key management. Iterating upon the minimum requirements and controls described in section 4 “control sets” to align with internal departmental requirements, should effectively fulfil the cryptography policy requirements of ISO27001. Agencies may also consider reviewing National Institute of Standards and Technology (NIST) SP800-53, ISO/IEC 27002, ISO/IEC 11700, The Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) when developing their policies and supplemental controls.Determine appropriate encryption requirements considering the security classification of dataThe QDEF refers to the confidentiality security classification assessment detailed in the QGISCF to determine the encryption requirements for data, if the data does not have a security classification refer to the QGISCF for details on classification. When considering the security classification of a system it's important to consider the highest level of confidentiality security classified information being processed. When processing PROTECTED information or data the cryptographic requirements greatly increase. Agencies must consider the integrity requirements of the information/data/information system when implementing controls. The QDEF only enforces minimum control sets based on the confidentiality classification, however encryption can also provide additional assurance when handling information/data/information systems with higher integrity requirements. Where agencies are expected to align controls with the current ACSC ISM;OFFICIAL (O) controls are applied to QGISCF classified information/data at the OFFICIAL and SENSTIVE levels PROTECTED (P) controls are applied to QGISCF classified information/data at the PROTECTED levels Ensure that the risk of data security being breached is effectively reduced through the appropriate implementation of cryptographic controlsAgencies should compare the mandatory requirements of the QDEF against their currently implemented control sets, this process should present any control gaps in their existing systems.Based on the security classification levels derived from the QGISCF confidentiality assessment, agencies must implement mandatory controls and requirements described in section 4 Control Sets, and consider all recommended controls described with a should statement.Where a mandatory or recommended control has not been implemented agencies must record the gaps in the agency risk register.Agencies should develop and implement additional supplementary cryptographic controls where deemed necessary to provide a higher level of assurance or mitigate an existing risk.A comprehensive identification of the controls that have been implemented should be kept in an auditable format and reviewed regularly through the ISMS process.The selection of the appropriate means of securing data should be undertaken mindful of a range of factors including cost, ease of use, and appropriateness to the business.Control setsCryptography is the practice and study of techniques for secure communication in the presence of third parties, including adversaries. The application of cryptographic processes is designed to provide confidentiality, integrity, authentication, and non-repudiation of information and data. There are two key aspects of cryptography: the cryptographic algorithm, and the cryptographic protocol. The cryptographic algorithm is the mathematical means for concealing data and verifying integrity, whereas the cryptographic protocol is a transmission mechanism that applies additional security to data transmission using cryptography. Cryptography is used to encrypt information and data to provide additional assurances to their security. Organisations that use encryption for data at rest, or in transit, are not reducing the sensitivity or classification of the information. However, when information is encrypted, the consequences of the encrypted information being accessed by unauthorised parties is considered lower. This enables reduction in handling, storage and transmission requirements. Cryptographic algorithmsCryptographic algorithms can be used to secure data during storage and, when used within an appropriate network protocol, can provide a trusted communications channel through untrusted communication paths. A cryptographic algorithm creates a cipher by performing a set of mathematical functions using keys, which are then used to encrypt data. There are several categories of cryptographic algorithms used for information security. The most widely adopted forms are asymmetric (AKA public-key), symmetric-key (AKA secret key), hash and key-hash message authentication code (HMAC) cryptography.To ensure security, cryptographic algorithms that have been subjected to rigorous testing by cryptographers in the international community should be selected over lesser known algorithms. The fundamental security principle for selecting cryptographic algorithms is to only use algorithms where the security is given through the computational difficulty of the algorithm. Cryptographic algorithms that rely on the secrecy of the algorithm itself to provide security are considered vulnerable to having their secret revealed, stolen or inadvertently discovered. The strength of cryptographic algorithms is generally influenced by two factors. The first factor is the structure of the algorithm in providing computational complexity. The second is the length of the key fed into the algorithm to create the unique cipher. A longer key generally equates to a stronger cipher and requires an exponentially greater time to decipher. It should however be noted that equivalent key strengths can differ substantially between different types of algorithms. Cryptographic strength is measured by the number of computing cycles required to decipher information. The length of time it takes to run the computing cycles has dramatically decreased as the speed of new processors has exponentially increased. In this way, advancements in computing power have rendered several once-strong algorithms obsolete, and new algorithms or key lengths continue to be required to maintain strength in the face of improving hardware capabilities.Cryptographic algorithm requirementsWhen implementing cryptography or a cryptographic product the algorithm must have been reviewed by the Australian Government and currently have approval as an “ASD Approved Cryptographic Algorithm” (AACA) unless the associated risks are assessed and formally accepted at the departmental level. AACAs fall into three categories: asymmetric/public key algorithms, hashing algorithms and symmetric encryption algorithms.The currently approved asymmetric/public key algorithms are:Diffie-Hellman (DH) for agreeing on encryption session keysDigital Signature Algorithm (DSA) for digital signaturesElliptic Curve Diffie-Hellman (ECDH) for agreeing on encryption session keysElliptic Curve Digital Signature algorithm (ECDSA) for digital signaturesRivest-Shamir-Adleman (RSA) for digital signatures and passing encryption session keys or similar keys.The approved hashing algorithm is:Secure Hashing Algorithm 2 (SHA-224, SHA-256, SHA-384 and SHA-512).The approved symmetric encryption algorithms are:AES using key lengths of 128, 192 and 256 bitsTriple Data Encryption Standard (3DES) using three distinct keys.Where there is a range of possible key sizes for an algorithm, some of the smaller key sizes do not provide an adequate safety margin against intrusion methods that might be found in the future. For example, future advances in integer factorisation methods rendering smaller RSA moduli vulnerable to applicable attacks.ASD Approved Cryptographic Algorithms 2018 [Official and Protected] *AlgorithmsMinimum Key StrengthsAsymmetric/public keyDH1024+1024+ ModulusDSA, RSA2048+2048+ Modulus ECDSA, ECDH160+ bits field/key size HashSHA-2SHA-224, SHA-256, SHA-384 and SHA-512 Symmetric EncryptionAES128, 192 and 256 bits Triple Data Encryption Standard (3DES)3 Distinct KeysTable 2: ASD approved cryptographic algorithms requirements*This list is current as of December 2018, refer to the ACSC ISM for the current list of AACAs and supplementary controls in this section.When using AACAs agencies must ensure the implementation is aligned with the associated controls in the current ACSC ISMAgencies should use ECDH and ECDSA in preference to DH and DSA due to an increase in successful sub-exponential index-calculus based attacks on DH and DSA. ECDH and ECDSA offer more security per bit increase in key size than either DH or DSA and are considered more secure alternatives.When using elliptic curve cryptography, agencies must use a curve from the Federal Information Processing Standard 186-4 (FIPS 186-4).When using RSA for digital signatures, and for passing encryption session keys or similar keys, a key pair for passing encrypted session keys that is different from the key pair used for digital signatures must be used.AES and 3DES must not use Electronic Codebook (ECB) mode. Electronic Codebook (ECB) mode in block ciphers allows repeated patterns in plaintext to appear as repeated patterns in the ciphertext. Cryptographic protocolsCorrectly implementing cryptographic protocols is the primary way to protect against network-based attacks and provide encryption-in-transit. Although many cryptographic protocols use strong standards-based cryptographic algorithms, they may still be vulnerable to weaknesses in the protocol structure or weakness in the implementation. Like cryptographic algorithms, the most secure protocols are typically based on mature industry standards as they have undergone international scrutiny to ensure there are minimal vulnerabilities. It is more likely that lesser known cryptographic protocols will contain vulnerabilities that could potentially be exploited. Many secure protocols rely on digital certificate technology to provide entity authentication. Digital certificates are created using a combination of public-key and cryptographic hash algorithms, and their security relies on a trust-based infrastructure model known as public key infrastructure (PKI). The most commonly used digital certificate standard is X.509 and this is considered the industry default. Guidelines for establishing a PKI based on digital certificates are out of the scope of the QDEF. Transmission networks consist of many protocol layers working together to ensure that information is delivered to its intended recipient and in an appropriate way, based on the type of information. There are many cryptographic protocols that operate at different layers of granularity based on how information is secured for transmission. Cryptographic protocol requirementsThe QDEF is aligned with the ACSC ISM and where appropriate recommends the use of ASD Approved Cryptographic Protocols (AACP), the current ASD Approved Cryptographic Protocols are:Transport Layer Security (TLS)Secure Shell (SSH)Secure Multipurpose Internet Mail Extension (S/MIME)OpenPGP Message FormatInternet Protocol Security (IPsec)Wi-Fi Protected Access 2 (WPA2).When implementing AACPs agencies must ensure the implementation is aligned with the associated controls in the current ACSC ISM. Security controls must align to the confidentiality classification of the information being transmitted and can be found in the ASD Approved Cryptographic Protocols section of the Cryptography chapter in the current ACSC ISM. Agencies should establish and maintain end-to-end encryption for all applications, where an agency does not have physical control over the network infrastructure used for transmission data should be encrypted by default.Encryption at restEncryption at rest is the result of encrypting data that is not considered ‘moving’. Data at rest includes data that resides in databases, file systems, flash drives, memory, and any other structured storage method. There are different methods to implement encryption at rest, the primary methods include full disk encryption, partial disk encryption, and file-based encryption. Encryption of data at rest can be used to reduce the physical storage and handling requirements for media or systems containing sensitive information.When implementing encryption at rest, full disk encryption is the preferred implementation method. Full disk encryption provides a greater level of protection than file-based encryption. File-based encryption can be used to encrypt individual files, however there is the possibility of temporary copies remaining on the device in an unencrypted form.Partial disk encryption can also be used to ensure specifically sensitive data can be stored in a secured manner. Partial disk encryption can be implemented by partitioning the storage in a device or database and encrypting a specific partition(s). Partial disk encryption must be accompanied with appropriate access control that will only allow writing to the encrypted partition. Encryption at rest can be implemented to protect files and data from external attackers and malicious insiders. If encryption at rest is implemented appropriately alongside access control measures it should mitigate the likelihood of inappropriate access to information and reduce the impact of data theft. Encryption at rest requirementsQueensland Government agencies should, where possible, implement full disk encryption to protect data at rest and reduce the impact of device theft and data leakage. In all other cases, encryption at rest may be implemented with a business owners' approval to mitigate an existing risk or reduce the physical storage and handling requirements of the data/information.Key management Cryptographic systems are comprised of equipment and keying material. Keying material is the data (e.g., keys and IVs) necessary to establish and maintain cryptographic keying relationship. Keying material is either symmetric or asymmetric in nature, although there are several different types of keys defined. Keys can be identified according to their classifications as public (asymmetric), private (asymmetric), symmetric, and relating to their use, for more information regarding types of keys see NIST SP 800-57 Pt. 1 section 5.1.1. Cryptographic equipment is the aspect of the cryptographic system that allows the users to encrypt and decrypt data/information while keyed. While cryptographic equipment is usually a physical device it can be a part of encryption software. Key management is susceptible to several threats. These threats can have significant affects to the confidentiality or integrity of the encrypted information, some of these threats include:Disclosure of the keying material: Either the keying material is in plaintext, is not protected and can be accessed, or is enciphered and can be deciphered.Modification of keying material: Changing the keying material so that it does not operate as intended.Unauthorised deletion of keying material: Removal of the key or key related data.Incomplete destruction of keying material: This may lead to the compromise of current or future keys.Unauthorised revocation: The direct or indirect removal of a valid key or keying material.Masquerade: The impersonation of an authorised user or entity.Delay in executing key management functions: This may result in a failure to generate, distribute, revoke or register a key, update the key repository in a timely manner, maintain a user’s authorisation levels, and so on. The delay threat may result from any of the previously mentioned threats or from physical failure of the key related equipment.Misuse of keys: The use of a key for a purpose for which it is not authorised, excessive use of a key, provision of keys to an unauthorised recipient, and the use of a key management facility for a purpose which it is not authorised.Key management requirements A policy on the use, protection and lifetime of cryptographic keys must be developed and implemented through their whole lifecycle. Agencies must develop their key management policies to comply with the ACSC ISM key management requirements and ISO27002:2015.ISO27002:2015 and the ACSC ISM both require the implementation of a key management plan that must include an agreed set of standards, procedures and secure methods the following topics:generating keys for different cryptographic systems and different applications;issuing and obtaining public key certificates;distributing keys to intended entities, including how keys should be activated when received;storing keys, including how authorized users obtain access to keys;changing or updating keys including rules on when keys should be changed and how this will be done;dealing with compromised keys;revoking keys including how keys should be withdrawn or deactivated, e.g. when keys have been compromised or when a user leaves an organization (in which case keys should also be archived);recovering keys that are lost or corrupted;backing up or archiving keys;destroying keys;logging and auditing of key management related activities.When utilising a third party for the storage and/or transmission of information deemed to require encryption Agencies should where possible, appropriate, and economic seek to control the encryption keys. When developing key management policies and plans, agencies should review ISO/IEC 27002:2015, AS11770-1, ACSC ISM, NIST SP 800-57, and FIPS 140-2. These industry standards provide a holistic view of key management and offer minimum control sets.ReferencesAustralian Government information security Government Protective Security Policy Framework Required ControlsDomainControl descriptionMust/Should/May PolicyImplement policies on the use of encryption, cryptographic controls, and key management.MustImplement controls at least equivalent to those outlined in the DEFMust Any required control with a “should” or “must” statement that is not implemented must be recorded in the agencies risk registerMustAlgorithmWhen implementing cryptography or a cryptographic product the algorithm must have approval as an AACA, unless the risk is formally accepted at the departmental levelMustAgencies must ensure the implementation of AACAs is aligned with the associated controls in the current ACSC ISMMustECDH and ESDSA should be used in preference to DH and DSAShouldElliptic curve cryptography must use a curve from the FIPS 186-4MustRSA must use a key pair for passing encrypted session keys that is different from the key pair used for digital signatures.MustAES and 3DES must not use Electronic Codebook (ECB) mode. MustProtocolsWhere an agency does not have physical control over the network infrastructure used for transmission by default data should be encryptedShouldWhere appropriate agencies should use ASD Approved Cryptographic Protocols (AACP)Should When implementing AACPs agencies must ensure the implementation is aligned with the associated controls in the current ACSC ISMMust Protocol implementation must align to the confidentiality classification of the information being transmittedMust At-Restwhere possible full disk encryption at rest should be implemented ShouldPartial disk encryption must be accompanied with appropriate access controlMustKey ManagementPolicy on the use, protection and lifetime of cryptographic keys must be developed and implemented through their whole lifecycleMustAgencies must develop their key management policies to comply with the ISM key management requirements and ISO27002:2015MustAgencies should control encryption keys when storing and/or transmitting information deemed to require encryption on a third-party systemShouldAgencies must implement a key management plan includes an agreed set of standards, procedures and secure methods for the listed topics in section 4.1.4 MustControl classification mappingNTSAFQGISCF 2018Information Security Manual 2017Information Security Manual 2018NTSAL-0OFFICIALUD: Baseline controlsO: Official controlsNTSAL-1NTSAL-2SENSITIVENTSAL-3PROTECTEDP: Protected controlsP: Protected controlsNTSAL-4or SECRET (depending on risk assessment)S: Secret S: SecretVersionDateAuthorKey changes made1.0.1 May 2010Queensland Government Chief Information OfficeApproved/published1.1.0February 2016 Queensland Government Chief Information OfficeUpdated to new QGEA template for review and informal consultation1.1.1March 2016Queensland Government Chief Information OfficeUpdates made following informal consultation2.0.1August 2018Queensland Government Chief Information OfficeUpdated to the QDEF, control sets and context drafted2.0.2October 2018Queensland Government Chief Information OfficeReviewed and updated by Josh Stevens, Key Management updated2.0.3October 2018Queensland Government Chief Information OfficeFramework Implementation 2.0.4October 2018Queensland Government Chief Information OfficeAppendices Added. Grammar and spellcheck completed. External links added2.0.5November 2018Queensland Government Chief Information OfficeUpdated following unofficial consultation 2.0.6December 2018Queensland Government Chief Information OfficeControl levels redrafted. Additional controls added. Checks for consistency. More updates following unofficial consultation ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download