Payment Card Industry (PCI) - Requirements and Security Assessment Procedures - Version 3.0 (2013) PCI Security Standards Council https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
Payment Card Industry (PCI) Data Security Standard Glossary, Abbreviations and Acronyms (2015) PCI Security Standards Council https://de.pcisecuritystandards.org/security_standards/glossary.php
Recommendation for Key Management – Part 1: General (2007) Elaine Barker, William Barker, William Burr, William Polk, and Miles Smid http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
Strong Cryptography Definition (2015) by Margaret Rouse http://searchsecurity.techtarget.com/definition/strong-cryptography
Effectiveness of a cryptographic system depends on many factors
Several factors determine the strength of a cryptographic system. If any one of them is neglected, the protection capability of the system drops drastically, even when all other factors are operating at full strength. For example, an organization can make inappropriate choices for a key management system when it installs a cryptographic system in its facility.
Understanding the purpose of a cryptographic system
In general, cryptography can be defined as the means to protect stored and transferred data from unauthorized use, and to ensure that such data is protected with appropriate encryption methods so that it can be decrypted only by authorized users. Encryption and decryption involve the use of a key (or keys) to transform data between readable and unreadable states.
Although cryptography can be considered a primary means of protecting data in computer networks, it is only one component of an organization's total system security solution, and offers little protection by itself. For example, access control is another security measure, one that limits the number of users that have access to the system.
Strengthening the cryptographic system
To be considered "strong cryptography", a cryptographic system must be based on industry-tested and accepted algorithms, along with appropriate key lengths (at least 112 bits). An up-to-date key management system should also be installed, designed to handle all the tasks involved in cryptographic key usage according to the key management policy and the type of technology being used.
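The 112-bit threshold can be checked against a key inventory, as in the following added example (not part of the original page). It assumes the threshold is read as comparable security strength in the sense of the NIST SP 800-57 Part 1 tables, and all function names and inventory entries are constructed for illustration.

```python
# Added example: audit a key inventory against the 112-bit minimum.
# Strength values follow the comparable-strength table in NIST SP 800-57 Part 1.
import bisect

MIN_STRENGTH = 112  # threshold stated in the text above

# Symmetric ciphers: strength is fixed by the algorithm and keying option.
SYMMETRIC = {"2TDEA": 80, "3TDEA": 112, "AES-128": 128, "AES-192": 192, "AES-256": 256}

# Asymmetric families: (minimum key size in bits, comparable strength in bits).
_FACTORING = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
ASYMMETRIC = {
    "RSA": _FACTORING,
    "DH": _FACTORING,
    "ECC": [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)],
}

def strength_bits(algorithm, key_bits=None):
    """Comparable strength in bits; None if the algorithm is not in the table."""
    if algorithm in SYMMETRIC:
        return SYMMETRIC[algorithm]
    steps = ASYMMETRIC.get(algorithm)
    if steps is None or key_bits is None:
        return None
    sizes = [size for size, _ in steps]
    i = bisect.bisect_right(sizes, key_bits) - 1  # largest row not above key_bits
    return steps[i][1] if i >= 0 else 0           # 0: below the table's lowest row

def audit(inventory):
    """Return (name, reason) for every key that fails the strong-cryptography test."""
    findings = []
    for name, algorithm, key_bits in inventory:
        bits = strength_bits(algorithm, key_bits)
        if bits is None:
            findings.append((name, f"{algorithm}: not in the accepted-algorithm table"))
        elif bits < MIN_STRENGTH:
            findings.append((name, f"{algorithm}: {bits}-bit strength < {MIN_STRENGTH}"))
    return findings

# Constructed sample inventory: (key name, algorithm, key size in bits).
SAMPLE = [
    ("tls-server", "RSA", 2048),
    ("legacy-vpn", "RSA", 1024),    # 1024-bit key length, only 80-bit strength
    ("hsm-pin", "3TDEA", None),
    ("pos-terminal", "2TDEA", None),
    ("api-signing", "ECC", 256),
    ("backup-archive", "RC4", 128),  # not in the table, so flagged for review
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"FAIL {name}: {reason}")
```

The RSA-1024 entry shows why raw key length alone is not the test: a 1024-bit asymmetric key falls well short of 112 bits of comparable strength.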
Examples of some of the standardized cryptographic algorithms commonly used include: