ISO 27001 · A.8 Technological
A.8.24 Use of cryptography
Define and implement rules for the effective use of cryptography, including key management.
Mapped across 15 provisions
Equivalent and related requirements in other frameworks and regulations.
- CIS Controls v8EquivalentOfficial mapping
Source: CIS Controls v8 / ISO/IEC 27001
3.11 Encrypt sensitive data at restCryptography & data protection
- NIST 800-53EquivalentOfficial mapping
Source: NIST SP 800-53 Rev. 5 / ISO/IEC 27001
SC-8 Transmission confidentiality and integrityCryptography & data protection
- NIST 800-53EquivalentOfficial mapping
Source: NIST SP 800-53 Rev. 5 / ISO/IEC 27001
SC-28 Protection of information at restCryptography & data protection
- DORAPartialCuratedArt. 9 Protection and prevention
Cryptography & data protection
- GDPRPartialCuratedArt. 32 Security of processing
Cryptography & data protection
- GLBAEquivalentCurated§314.4(c)(3) Encryption of customer information
Cryptography & data protection
- HIPAAEquivalentCurated§164.312(e)(1) Transmission security
Cryptography & data protection
- LGPDPartialCuratedArt. 46 Security measures
Cryptography & data protection
- NIS2EquivalentCuratedArt. 21(2)(h) Cryptography and encryption
Cryptography & data protection
- NIST 800-171EquivalentCurated3.13.11 Employ FIPS-validated cryptography
Cryptography & data protection
- NIST CSF 2.0EquivalentCuratedPR.DS-01 Confidentiality of data-at-rest protected
Cryptography & data protection
- NIST CSF 2.0EquivalentCuratedPR.DS-02 Confidentiality of data-in-transit protected
Cryptography & data protection
- PCI DSSEquivalentCuratedReq. 3 Protect stored account data
Cryptography & data protection
- PCI DSSEquivalentCuratedReq. 4 Protect cardholder data with strong cryptography during transmission
Cryptography & data protection
- SOC 2PartialCuratedCC6.7 Restricting data transmission
Cryptography & data protection