Chapter Eight - Cryptographic Controls
Cryptography is a means of modifying data such that it is unreadable without authorisation. Encryption is the process of applying cryptography to make data unreadable and decryption is the reverse process of making encrypted data readable. Decryption requires a key that proves authorisation.
Cryptographic controls are services or techniques that use cryptography to protect law enforcement data from:
a) breaches of confidentiality by interception;
b) undetectable compromise of integrity; and
c) repudiation (denial of authorship).
A cryptographic key is a parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can read the data, while an entity without knowledge of the key cannot. Cryptographic keys are commonly generated from text passwords, unique hardware IDs, biometric data, or random numbers.
A key management plan is a document that describes the procedures and personnel required to manage and maintain the keys of a cryptographic system. It should apply to a specific instance of cryptography or cryptographic control. Appropriate key management will reduce the risks associated with implementing cryptographic controls.
These standards apply to all Victoria Police employees, contractors, and consultants and any Approved Third Parties who by way of Agreement with Victoria Police have authorised access to law enforcement data.