Dispel transmits information over the public Internet. We protect data in transit with strong encryption, reviewing and updating to employ the latest cryptographically reliable cipher suites.
For example, at this time, when you are connected to your Dispel services through our client application or a hardware device, and for internal server-to-server transmissions, we use two layers of cascade ciphered AES-256-CBC with independent 4096-bit RSA keys for the initial key exchange. Keys are typically generated by segmented compute systems designed with randomness in mind, and distinguished between clients.
When you are using one of our browser-accessible applications, we employ AES-256-GCM encryption. These may be secured using SHA-256 with 2048-or 4096-bit RSA keys, depending on the security requirements of the application. This means many communications through Dispel are protected by three layers of encryption. We encrypt data multiple times, using different ciphers, for several reasons. As one example, by using different ciphers encrypted data is less susceptible to a zero day flaw that could affect both at the same time.
NERC-CIPNIST CSF 1.1LPMAWWACFATS