Purpose #
This policy ensures that authentication is secure and describes the encryption implemented by Nested Knowledge.
Scope #
These standards apply to the Nested Knowledge software application.
Encryption Policy #
Key Management: #
- AWS Certificate Manager manages encryption keys for data transferred to/from the Nested Knowledge application.
- Cryptographic keys are rotated annually. Cryptographic keys are revoked and removed before the end of the established cryptoperiod when a key is compromised, or an entity is no longer part of the organization.
- Cryptographic keys that are no longer needed are destroyed. [add details]
- Process for creating keys in a pre-activated state (i.e., when they have been generated but not authorized for use): [add details if applicable]
- Tracking and reporting cryptographic materials and status changes (including legal and regulatory requirements provisions) [add details if applicable]
Passwords and Logs: #
Passwords are handled by Auth0 and encrypted when stored or transmitted. [add details]
Logs are stored in AWS S3, which encrypts the data.
Encryption at Rest #
All data is encrypted at rest; backups, credentials, and keys are stored on encrypted drives or archives. To protect data at rest, default AWS EC2 / RDS encryption is used, which at the time of writing is AES-256 (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html).
Encryption in Transit #
All server/service/database communications are encrypted via TLS/SSL.
Nested Knowledge uses the following encryption algorithms to protect data in transit: AWS’s TLS13-1-2-2021-06 policy, which includes: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384
Revision History #
This policy will be updated at least on an annual basis or when a significant change occurs.
Author | Date of Revision/Review | Comments/Description |
---|---|---|
K. Cowie | 03/04/2025 | Drafted |
K. Holub |