Cyber Security Policy Manual

City Employees

Follow the encryption standards defined in this policy to prevent unauthorized access to confidential information

POLICY

1) All implemented encryption standards must support a minimum encryption level of AES 256-bit encryption. Hashing functions must support a minimum hashing level of SHA2 256 bit.
2) Encryption is required when remotely accessing City of Greensboro’s systems and applications via Citrix XenApp, VPN, remote desktop or other remote access tools.
3) Trusted SSL certificates must be used when allowing residents access to City of Greensboro’s web applications.
4) If transferring confidential information to a third party via email or other file transfer methods, SSL certificates, email encryption or secure file transfer protocols must be used to protect confidential information from becoming compromised.
5) Confidential information residing in databases must be hashed to prevent unauthorized access to it.
6) The use of proprietary encryption algorithms is not permitted.
7) File and folder encryption must be implemented on laptops that contain confidential information in order to prevent unauthorized access to the information if the laptop is lost or stolen.
8) Encrypted USB drives must be used if there is a business need to copy confidential information to USB drives. This prevents unauthorized access to the information if the USB drive is lost or stolen.
9) Encryption keys and passwords must be stored in a safe location. Access to encryption keys and passwords must be restricted to the individuals who have administrative privileges to the systems and applications where these keys are used.
