The National Cryptographic Standards (NCS)
Type of regulatory document: Frameworks and standards
Overview
The National Cybersecurity Authority (NCA) is mandated to draft the national cryptographic policies and standards, to ensure compliance with these standards and policies, and to review and update them periodically. The NCA has launched the National Cryptographic Standards (NCS) to meet the national need by specifying the minimum requirements necessary to provide the degree of protection required for national data, systems and networks using cryptographic mechanisms, for civilian and commercial purposes, based on global best practices, global standards and the national need in this field.
The National Cryptographic Standards aim to define the minimum acceptable requirements for providing the degree of protection required for national data, systems and networks (that are used for civilian and commercial purposes) using cryptographic mechanisms, and to enhance national encryption uses to contribute to the protection of cyberspace at the national level.
The standards document defines two levels of strength and security for cryptographic systems and mechanisms, the MODERATE level and the ADVANCED level, to ensure flexibility and efficiency in implementation. The document includes accepted symmetric and asymmetric primitives, symmetric and asymmetric schemes, some of the accepted common application protocols related to cryptography, Public Key Infrastructure (PKI) and Key Lifecycle Management (KLM). The document also presents appendices on topics of importance related to cryptographic operations, such as Pseudo Random Number Generation (PRNG), Post-Quantum Cryptography and Side-Channel Attacks.
Each national entity is required to choose and implement the appropriate cryptographic standard level based on the nature and sensitivity of the data, systems and networks to be protected. Furthermore, other cybersecurity regulations, issued by the NCA, may mandate the use of a particular cryptographic standard level to protect data, systems and networks.