Data Transmission and Encryption Standards

ISO Position Paper

Position Title: Data Transmission and Encryption Standards

Position Audience: Princeton IT Professionals

Contact: Information Security Office: InfoSec@princeton.edu

Position Release Date: November 2018


Problem Statement

Data transmission and encryption standards continue to evolve as new weaknesses and vulnerabilities
are discovered. Devices that are not properly maintained could lead to exploitation by bad actors and, as
a result, could put Princeton University information at risk.

ISO Position

All University servers and devices including development, QA, and production, should be configured
using the latest recommended standards. These standards include the following:

  • a current SHA2 certificate issued by the University certificate service
  • use of TLS 1.1 and above
  • strong ciphers
  • no use of SSL 2.0 and SSL 3.0

Additional Information

Certificates: How to request a digital certificate for a web server at Princeton University
InCommon Certificate Use for SSL/TLS position paper 
Self-signed Certificates position paper

Data classification: Public