As technology continues to advance, the volume and sensitivity of information transmitted and stored electronically is increasing exponentially. The escalating prevalence of cyber-attacks and data breaches has made the protection of non-open information a paramount concern for nations. Encryption serves as a powerful and sophisticated tool, that protects the confidentiality and integrity of non-open data - from personal communications and financial transactions to critical business & government data. Encryption is thus, a cornerstone of a comprehensive data protection strategy to protect information against unauthorized access.

 

The Council has established this policy to enhance data security, aligned with the UAE’s national priority to be a global leader in cyber security; and enhance the security posture of organizations and individuals within the UAE dealing with critical and personal data.

Governance:

Establishes the requirements for policies and governance structures to support encryption implementation. It focuses on identifying encryption requirements, remediating security and privacy risks, ensuring compliance with relevant laws and standards, and safeguarding data classification against unauthorized access and misuse.

 

Data at Rest:

Requirements to protect data stored in various formats, including laptops, desktops, smartphones, tablets, portable storage media, and databases, from unauthorized access and modifications through the use of encryption. It also emphasizes the protection of user credentials.

 

Data in Motion:

Addresses the need to secure data during transmission, safeguarding it from unauthorized access and modifications, particularly through email and network communications by utilizing encryption.

 

Key Management:

Requirements for secure management of cryptographic keys, including their creation, distribution, storage, availability, and disposal. It also emphasizes the importance of recovery strategies in case of key loss or corruption.

 

Post Quantum Cryptography:

Focuses on preparing entities to protect non-open information from future threats posed by quantum computing technologies.