Demonstrate Compliance Using a Cryptography Inventory
It is a general principle of all ISO standards that your system must be formally understood, documented and tracked. When it comes to cryptography, that means having an up-to-date inventory available at all times.
Your cryptography inventory should include information about which keys and certificates you're using, what operations they're being used for and where they are being stored. It should also show the auditor which algorithms and libraries are being used to protect your data.
Whilst the current version of the standard does not explicitly require a cryptography inventory, many auditors are now recommending them since they provide a convenient way to demonstrate regulation of cryptographic controls as required by Annex A:18.1.5 in the standard.
Cryptosense software provides an automated cryptography inventory, simplifying reporting for compliance, and making it easy to manage the cryptographic objects in use at your organization.
Easily demonstrate compliance with ISO 27001 cryptography requirements using Cryptosense's Analyzer Platform.download datasheet