9-7.1 Encryption

Encryption is the primary means for providing confidentiality services for information that can be stored or sent over the network, intranet, and Internet. Information resources that store, process, or transmit sensitive-enhanced or sensitive information must have the capability to encrypt information.

9-7.1.1 Minimum Encryption Standards

Symmetric encryption: Products using FIPS 197 Advanced Encryption Standard (AES) algorithms with at least 256-bit keys, in an implementation that has been validated under FIPS 140-2. Legacy systems must have plans for moving to the minimum encryption standard; the associated timeline for this action is based on feasibility (technical capability, business plan for upgrade/retirement, etc.), identification of a published exploit to the implemented encryption algorithm, and associated risk to the Postal Service.

Asymmetric encryption: RSA with a 2048-bit key pair. Elliptic curve algorithms ECDH or ECDSA may be used with key sizes of 224 bits or greater. Legacy systems must have plans for moving to the minimum encryption standard; the associated timeline for this action is based on feasibility (technical capability, business plan for upgrade/retirement, etc.), identification of a published exploit to the implemented encryption algorithm, and associated risk to the Postal Service.

PCI systems also require Transport Layer Security (TLS) protocol version 1.2. New implementations must meet the minimum standard. Legacy systems must have plans for moving to the minimum encryption standard; the associated timeline for this action is based on feasibility (technical capability, business plan for upgrade/retirement, etc.), identification of a published exploit to the implemented encryption algorithm, and associated risk to the Postal Service.

The minimum encryption standard for the Postal Service is the Advanced Encryption Standard (AES) with a 256-bit encryption key. PCI systems also require Transport Layer Security (TLS) protocol version 1.1 or higher, but 1.2 is recommended. New implementations must meet the minimum standard. Legacy systems must have plans for moving to the minimum encryption standard; the associated timeline for this action is based on feasibility (technical capability, business plan for upgrade/retirement, etc.), identification of a published exploit to the implemented encryption algorithm, and associated risk to the Postal Service. Asymmetric encryption: RSA with a 2048-bit encryption key pair.
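The minimums in 9-7.1.1 are the kind of thing an assessor ends up checking by hand across an inventory of systems. The following Python script is an added example, not part of the handbook or any Postal Service tooling: it encodes those minimums (AES with at least 256-bit keys in a FIPS 140-2 validated module, RSA 2048 or ECDH/ECDSA at 224 bits or more, TLS 1.2 for PCI systems) and runs them over a constructed inventory. The system names, the record layout and the settings in `SAMPLE_INVENTORY` are hypothetical and exist only to exercise the checks.

```python
"""Conformance check against the minimum encryption standards in 9-7.1.1.

Added example; the inventory records and system names below are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Minimums as stated in 9-7.1.1.
MIN_SYMMETRIC_BITS = 256          # AES (FIPS 197) with at least a 256-bit key
MIN_RSA_BITS = 2048               # RSA key pair
MIN_EC_BITS = 224                 # ECDH / ECDSA key size
MIN_TLS_VERSION = (1, 2)          # PCI systems: TLS 1.2
ALLOWED_EC_ALGORITHMS = {"ECDH", "ECDSA"}


@dataclass(frozen=True)
class Finding:
    system: str
    control: str
    detail: str


def parse_tls_version(text: str) -> tuple[int, int]:
    """Turn strings such as 'TLSv1.2' or 'TLS 1.0' into a comparable (major, minor) pair."""
    match = re.fullmatch(r"TLS\s*v?(\d+)\.(\d+)", text.strip(), flags=re.IGNORECASE)
    if not match:
        raise ValueError(f"unrecognised TLS version string: {text!r}")
    return int(match.group(1)), int(match.group(2))


def check_symmetric(algorithm: str, key_bits: int, fips_validated: bool) -> list[str]:
    """Symmetric (bulk) encryption: FIPS 197 AES, >= 256-bit key, FIPS 140-2 validated module."""
    problems = []
    if algorithm.upper() != "AES":
        problems.append(f"symmetric algorithm {algorithm} is not AES (FIPS 197)")
    elif key_bits < MIN_SYMMETRIC_BITS:
        problems.append(f"AES key is {key_bits} bits, minimum is {MIN_SYMMETRIC_BITS}")
    if not fips_validated:
        problems.append("cryptographic module is not FIPS 140-2 validated")
    return problems


def check_asymmetric(algorithm: str, key_bits: int) -> list[str]:
    """Asymmetric encryption: RSA >= 2048 bits, or ECDH/ECDSA with >= 224-bit keys."""
    alg = algorithm.upper()
    if alg == "RSA":
        return [] if key_bits >= MIN_RSA_BITS else [
            f"RSA key is {key_bits} bits, minimum is {MIN_RSA_BITS}"]
    if alg in ALLOWED_EC_ALGORITHMS:
        return [] if key_bits >= MIN_EC_BITS else [
            f"{alg} key is {key_bits} bits, minimum is {MIN_EC_BITS}"]
    return [f"asymmetric algorithm {algorithm} is not RSA, ECDH or ECDSA"]


def check_tls(min_version: str) -> list[str]:
    """PCI systems must not negotiate anything below TLS 1.2."""
    if parse_tls_version(min_version) < MIN_TLS_VERSION:
        return [f"minimum negotiated TLS is {min_version}, PCI systems require TLS 1.2"]
    return []


def check_inventory(inventory: list[dict]) -> list[Finding]:
    """Run every control over every system record and collect the failures."""
    findings: list[Finding] = []
    for system in inventory:
        name = system["name"]
        sym_alg, sym_bits = system["symmetric"]
        for detail in check_symmetric(sym_alg, sym_bits, system["fips_validated"]):
            findings.append(Finding(name, "symmetric", detail))
        asym_alg, asym_bits = system["asymmetric"]
        for detail in check_asymmetric(asym_alg, asym_bits):
            findings.append(Finding(name, "asymmetric", detail))
        if system.get("pci"):                      # TLS floor applies to PCI systems
            for detail in check_tls(system["tls_min"]):
                findings.append(Finding(name, "tls", detail))
    return findings


# Constructed sample inventory: hypothetical names and settings, not real Postal Service data.
SAMPLE_INVENTORY = [
    {"name": "pci-gateway", "pci": True, "tls_min": "TLSv1.2",
     "symmetric": ("AES", 256), "fips_validated": True, "asymmetric": ("RSA", 2048)},
    {"name": "legacy-batch", "pci": True, "tls_min": "TLSv1.0",
     "symmetric": ("3DES", 168), "fips_validated": True, "asymmetric": ("RSA", 1024)},
    {"name": "mobile-api", "pci": False, "tls_min": "TLSv1.3",
     "symmetric": ("AES", 128), "fips_validated": False, "asymmetric": ("ECDSA", 256)},
]


if __name__ == "__main__":
    for f in check_inventory(SAMPLE_INVENTORY):
        print(f"{f.system:14} {f.control:10} {f.detail}")
```

Run as-is, the script reports three findings for `legacy-batch` (TLS 1.0, 3DES, RSA 1024), two for `mobile-api` (AES-128, unvalidated module) and none for `pci-gateway`. The TLS floor is applied only where the record is flagged as PCI, because that is how the section scopes it; the AES, RSA and elliptic-curve minimums apply to every record.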

9-7.1.2 Required for Transmission and Storage

Information resources storing, processing, or transmitting sensitive-enhanced or sensitive information must implement encryption based on Postal Service encryption and key recovery policies. Encryption must be used for sensitive-enhanced and sensitive information that is transmitted across networks or in transit between [1] an application or batch server and a database server and [2] workstations and a database server.

Encryption must be used for sensitive-enhanced and sensitive information stored or archived on fixed and removable devices or media (e.g., disks, diskettes, CDs, and USB storage devices).

Encryption must also be used for sensitive-enhanced and sensitive information that is stored off Postal Service premises.

Encryption must be used for nonpublicly available electronic information in transit or stored off Postal Service premises.

Encryption must be used for payment card industry (PCI) information throughout the life cycle. Unencrypted primary account numbers (PANs) must not be sent via end-user messaging technologies.

9-7.1.3 Recommended for Storage on Postal Service Servers and Mainframes

Where technically feasible, encrypt sensitive-enhanced and sensitive information stored on Postal Service nonremovable devices.

9-7.1.4 Required for Workstations and Laptops

Full disk encryption must be installed on all workstations and laptops.