Encryption & Key Management Policy
This policy provides guidance to limit encryption to those algorithms that have received
substantial public review and have been proven to work effectively.
Additionally, this policy document provides Reveal encryption standards and best practices to
ensure that Reveal consistently follows industry standards for Encryption and Key Management.
This policy and standard apply to all Reveal employees, contractors, and third-party vendors
when sensitive data, such as customer data, Reveal secrets and PII, are in scope.
Data Encryption Policy
• All sensitive data in transit and at rest must be encrypted using strong, industry-recognized
algorithms.
• Reveal maintains approved encryption algorithm standards. These internal standards are
reviewed and subject to change when encryption standards within the security industry
change significantly.
• Reveal will not engage in “roll-your-own” encryption, algorithms, or practices and will not
use “security through obscurity” within production infrastructure or applications.
• All Reveal-owned, employee-utilized computers are to have full disk encryption enabled at
all times, as these devices are expected to interact with Reveal resources, infrastructure
and/or client data while performing Reveal business.
• All Reveal-owned wireless networks, including both corporate and guest networks, are to
encrypt corporate office data in transit using WPA2-AES encryption.
Data in Transit
• The minimum acceptable TLS standard in use by the company is 1.2.
• All Reveal public web properties, applicable infrastructure components and applications
using SSL/TLS, IPSEC and SSH to facilitate the encryption of data in transit over open, public
networks, must have certificates signed by a known, trusted provider.
Reveal Encryption Standards
The CTO is responsible for reviewing all encryption algorithms in use. The use of the Advanced
Encryption Standard (AES) is strongly recommended for symmetric encryption.
Reveal, 26 rue Henry Monnier, 75009 Paris