Young hacker smiling

REQ.149 Set minimum size of symmetric encryption

This document contains the details of the security requirements related to the definition and management of cryptographic systems. This requirement establishes the importance of setting symmetric encryption of minimum size in the cryptographic functions of the system.


The symmetric encryption mechanism must use a minimum key size of 128 bits.


  1. HIPAA Security Rules 164.312(a)(2)(iv): Encryption and Decryption: Implement a mechanism to encrypt and decrypt electronic protected health information.

Service status - Terms of Use