[ISN] New standard set for security

From: William Knowles (wkat_private)
Date: Thu Jun 28 2001 - 12:12:52 PDT

Next message: Jay D. Dyson: "Re: [ISN] Want to See Some Really Sick Art?"

Previous message: InfoSec News: "RE: [ISN] WWW.huh?: You Are the First Line of Defense"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.fcw.com/fcw/articles/2001/0625/web-crypto-06-28-01.asp

BY Diane Frank 
June 28, 2001 

The Commerce Department has formally approved the new standard for the
minimum level of cryptography in federal security products, replacing
a standard that had been in effect for seven years.

With the approval June 27, security products used by agencies for
sensitive, unclassified information must be certified under the
National Institute of Standards and Technologys Federal Information
Processing Standard (FIPS) 140-2, Security Requirements for
Cryptographic Modules.

The new FIPS 140-2 standard, which replaces the 140-1 standard from
1994, goes into effect Nov. 25.

FIPS 140-2 covers four increasing levels of security, to encompass a
range of applications:

* Security Level 1 specifies basic security, such as a PC encryption
  board. 

* Security Level 2 adds physical security to Level 1 products by
  requiring tamper-evident coatings or seals, or pick-resistant
  locks. It also requires role-based authentication of users and that
  operating systems meet the new Common Criteria Controlled Access
  Protection Profile. 

* Security Level 3 strengthens physical security, requires
  identity-based authentication, and requires physical separation of
  data ports. There are also additional levels of Common Criteria
  requirements. 

* Security Level 4 builds on all of the other requirements, as well as
  the ability to electronically erase information if the environmental
  conditions around the module change dramatically or if there are
  drastic fluctuations in the modules operating ranges. 

NIST maintains a list of vendors and modules with FIPS 140-1 and 140-2
validation on its Web site.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*


ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribeat_private

Next message: Jay D. Dyson: "Re: [ISN] Want to See Some Really Sick Art?"
Previous message: InfoSec News: "RE: [ISN] WWW.huh?: You Are the First Line of Defense"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 22:46:25 PDT