ISO 27001

ISO 27001 A.8.24: Use of Cryptography Explained

Define and implement rules for the effective use of cryptography to protect information confidentiality, authenticity, and integrity.

OFFICIAL REFERENCE (PARAPHRASED)

Rules for the effective use of cryptography, including cryptographic key management, shall be defined and implemented. (ISO/IEC 27001:2022 Annex A.8.24)

Last reviewed: June 2026. Not legal or audit advice.

WHAT EVIDENCE SATISFIES THIS

✓ Cryptography policy
✓ Encryption standards for data at rest and in transit
✓ Key management procedure
✓ Certificate lifecycle documentation

Cross-framework overlap

This control requirement also appears in:

SOC 2 CC6.7 →
PCI-DSS 3.5 →

See this control in your personalized checklist

Start free →

See your readiness in 5 minutes

Answer a few questions and get a personalized, actionable checklist, free, no card.

Get your free checklist →