diff --git a/tech/cia-do-dont.wiki b/tech/cia-do-dont.wiki index 0236e60..fa62e38 100644 --- a/tech/cia-do-dont.wiki +++ b/tech/cia-do-dont.wiki @@ -83,3 +83,8 @@ This is the CIA list of dos and donts. referes to the inner cryptosctream which may be masked by HTTPS, this doesn no apply to the outer stream * Tools must support unique certs and CAs for network auth for each deployment +* Integrity must be provided HMAC with a key size of 256 bits +* Confidentiality must be provided by AES with minimum key size of 256 bits. + The cipher must be operated in Galois/Counter Mode, Counter Mode, or Chipher + Block Chaining +* Messages *must* come with a digest
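Review bot: The added integrity bullet ("Integrity must be provided HMAC with a key size of 256 bits") is missing "by" and does not name the hash function HMAC is built on, so the requirement cannot be checked as written; name the hash alongside the key size. In the confidentiality bullet, "Chipher" should be "Cipher", and "minimum key size of 256 bits" reads oddly for AES, where 256 bits is the largest key size; "a key size of 256 bits" says the same thing. Counter Mode and Cipher Block Chaining provide no integrity on their own, while Galois/Counter Mode is authenticated, so the text should say that the HMAC requirement covers the ciphertext in the first two modes and whether it still applies with GCM. The last bullet ("Messages *must* come with a digest") does not say whether the digest is the HMAC tag from the first bullet or a separate unkeyed hash; an unkeyed digest adds no protection against deliberate modification, so either merge it into the HMAC bullet or state what it is computed over and what it is for.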