ENISA started its efforts in the area of cryptography by identifying and analysing reference documents from EU member states where the cryptographic protective measures are identified and recommended. A Survey on the Use of Cryptographic Techniques in Europe, carried out in 2011, brought together various specification documents used by member states and industry into the picture.
One of the key findings of the survey was that most of the specification documents were referring to the work of the networks of excellence (NoE) ECRYPT I and II (report on algorithms and key sizes). Despite the fact that ECRYPT underlined the need to update recommendations for cryptographic protection measures regularly, the work of these networks ended in the beginning of 2013.
ENISA tried to fill this gab with two reports in 2013. In the first Report on Recommended Cryptographic Measures, we address the requirements for cryptographic protective measures applicable to the entire life of personal data, placing the notions of information security in the context of personal data protection framework. In the second Report on Algorithns, Key Sizes and Parameters we gave recommendations for algorithms, key lengths, parameters and protocols. Furthermore we provided a clear distinction between recommendations that are suitable for legacy systems (i.e. systems which are already deployed), and for future systems (i.e. systems which are currently being designed).
The above-mentioned work was continued in 2014 with a Study on Cryptographic Protocols and an Updated Report on Algorithms, Key Sizes and Parameters.