Information Assurance (IA) in the field of communication and information systems is the confidence that such systems will protect the information they handle and will function as they need to, when they need to, under the control of legitimate users. Effective IA shall ensure appropriate levels of confidentiality, integrity, availability, non-repudiation and authenticity. IA shall be based on a risk management process.
Cryptographic Protection
Where the protection of European Union Classified Information (EUCI) is provided by cryptographic products, such products shall be approved as follows:
- (a) the confidentiality of information classified SECRET UE/EU SECRET and above shall be protected by cryptographic products approved by the Council as Crypto Approval Authority (CAA), upon recommendation by the Security Committee;
- (b) the confidentiality of information classified CONFIDENTIEL UE/EU CONFIDENTIAL or RESTREINT UE/EU RESTRICTED shall be protected by cryptographic products approved by the Secretary-General of the Council as CAA, upon recommendation by the Security Committee.
Here is the List of Approved Cryptographic Products (LACP)