[ISN] New standard set for security

From: William Knowles (wkat_private)
Date: Thu Jun 28 2001 - 12:12:52 PDT

    BY Diane Frank 
    June 28, 2001 
    The Commerce Department has formally approved the new standard for the
    minimum level of cryptography in federal security products, replacing
    a standard that had been in effect for seven years.
    With the approval June 27, security products used by agencies for
    sensitive, unclassified information must be certified under the
    National Institute of Standards and Technology's Federal Information
    Processing Standard (FIPS) 140-2, Security Requirements for
    Cryptographic Modules.
    The new FIPS 140-2 standard, which replaces the 140-1 standard from
    1994, goes into effect Nov. 25.
    FIPS 140-2 covers four increasing levels of security, to encompass a
    range of applications:
    * Security Level 1 specifies basic security, such as a PC encryption
    * Security Level 2 adds physical security to Level 1 products by
      requiring tamper-evident coatings or seals, or pick-resistant
      locks. It also requires role-based authentication of users and that
      operating systems meet the new Common Criteria Controlled Access
      Protection Profile. 
    * Security Level 3 strengthens physical security, requires
      identity-based authentication, and requires physical separation of
      data ports. There are also additional levels of Common Criteria
    * Security Level 4 builds on all of the other requirements, as well as
      the ability to electronically erase information if the environmental
      conditions around the module change dramatically or if there are
      drastic fluctuations in the module's operating ranges. 
    NIST maintains a list of vendors and modules with FIPS 140-1 and 140-2
    validation on its Web site.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen. Alfred M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org