Do you encrypt scoped data at rest and in transit?
Please indicate which algorithms are used for encryption at rest and in transit.
Do you regularly evaluate the SSL ciphers available in your environment and disable insecure variants?
A.10.1.2 Key Management
Is there a management system in place to support the organization’s use of cryptographic techniques, such as secret key and public key techniques?
Is the key management system based on an agreed set of standards and procedures?
A.10.1.1 Policy on the use of Cryptographic controls
Is there a policy in place for the use of cryptographic controls for protection of confidential or sensitive information?