It is important to use algorithms that adequately protect sensitive information and the NZISM prescribes approved algorithms and protocols.  Each algorithm is carefully assessed for longevity, resistance to attack, ease of use and consumption of resource.

Approved Cryptographic Algorithms and Retiring Older Cryptographic Algorithms [PDF, 48.47 KB]

Agencies need to follow a security process when decommissioning and disposing of IT equipment and media that has been used for official, sensitive or security classified information. This process is outlined in the document Approved Secure Destruction Facilities - Guidance to Agencies.

Guidance-to-Agencies-ASDFs-15-Aug-version.pdf  [PDF, 306.16 KB]

GCSB Approved Secure Destruction Facilities

The status of "approved facility" for the destruction of media and equipment may be granted by the Director-General GCSB under the NZISM.  Approval depends upon the Director-General's satisfaction that the proposed facilities are capable of securely destroying IT equipment, devices and media to the standard required under the NZISM and related policies.

The process of obtaining approval is outlined in the document Approval of Secure Destruction Facilities - Information for Service Providers [PDF, 284.56 KB]

The National Cyber Security Centre (NCSC) has prepared the following guidance to provide agencies with high-level information about lawful access to official data held in jurisdictions outside of New Zealand.

Lawful Access FAQs

Understanding the different possible roles involved in cloud computing, their respective responsibilities, and how they interrelate, will be helpful for organisations using cloud services.

Cloud Services: Who’s Who – Roles and Responsibilities

A variety of cloud service models are available to Consumers, each entailing different types of service management operation, as well as differing levels of responsibility for security for the parties involved.

Cloud Computing: Shared Responsibility Security Models