scope:

Scope The standard applies to all Information Technology (IT), cyber security and technical employees who have responsibilities for cryptography protocols, implementation of security certificates and accountability for TfL infrastructure.

This standard must be followed at all times and updated as industry cryptography protocols are introduced.

Purpose

This standard detail the requirements for the management of TfL cryptography considerations utilising the associated information security controls which are within scope of TfL's IT Information Security Management System (ISMS).

This standard ensures alignment to the Information Security Standard (ISO27001), the TfL Management System (TMS) and TfL's Information Technology Security Policy (P116) which, combined with the ISMS, systematically manages and protects the confidentiality, integrity and availability of TfL's information assets from threats and vulnerabilities.