Help


[permalink] [id link]
+
Page "Cryptography standards" ¶ 27
from Wikipedia
Edit
Promote Demote Fragment Fix

Some Related Sentences

FIPS and PUB
In the United States, AES was announced by the NIST as U. S. FIPS PUB 197 ( FIPS 197 ) on November 26, 2001.
Despite the criticisms, DES was approved as a federal standard in November 1976, and published on 15 January 1977 as FIPS PUB 46, authorized for use on all unclassified data.
Although careful programmers were coming to realize that use of incompatible extensions caused expensive portability problems, and were therefore using programs such as The PFORT Verifier, it was not until after the 1977 standard, when the National Bureau of Standards ( now NIST ) published FIPS PUB 69, that processors purchased by the U. S. Government were required to diagnose extensions of the standard.
FIPS PUB 198 generalizes and standardizes the use of HMACs.
* FIPS PUB 198, The Keyed-Hash Message Authentication Code
* Pitcairn Islands: FIPS PUB 10-4 territory code
* Palau, FIPS PUB 10-4 territory code
* FIPS PUB 46-3 Data Encryption Standard ( DES ) ( PDF ) ( withdrawn )
FIPS PUB 46-3 ( 1999 ) defines the " Triple Data Encryption Algorithm ( TDEA )", but also uses the terms " DES " and " Triple DES ".
" Keying option n " is the term used by the standards ( X9. 52, FIPS PUB 46-3, SP 800-67, ISO / IEC 18033-3 ) that define the TDEA.
FIPS PUB 46-3 and ISO / IEC 18033-3 define only the single block algorithm, and do not place any restrictions on the modes of operation for multiple blocks.
FIPS state codes were numeric and two-letter alphabetic codes defined in U. S. Federal Information Processing Standard Publication (" FIPS PUB ") 5-2 to identify U. S. states and certain other associated areas.
The standard superseded FIPS PUB 5-1 on May 28, 1987, and was superseded on September 2, 2008, by ANSI standard INCITS 38: 2009.
FIPS PUB 5-1 ( published on June 15, 1970 and superseded by FIPS PUB 5-2 on May 28, 1987 ) stated that certain numeric codes " are reserved for possible future use in identifying American Samoa ( 03 ), Canal Zone ( 07 ), Guam ( 14 ), Puerto Rico ( 43 ), and Virgin Islands ( 52 )", but these codes were omitted from FIPS PUB 5-2 without comment.
For states, the " Status " column in the table below includes a link to a list of the counties ( boroughs and census areas in Alaska ; parishes in Louisiana ) for that state including the county codes as defined in FIPS PUB 6-4.

FIPS and 140-2
Instead, national standards, like FIPS 140-2 give the specifications for cryptographic modules, and various standards specify the cryptographic algorithms in use.
Common Criteria is very generic ; it does not directly provide a list of product security requirements or features for specific ( classes of ) products: this follows the approach taken by ITSEC, but has been a source of debate to those used to the more prescriptive approach of other earlier standards such as TCSEC and FIPS 140-2.
RFC 4086 and FIPS Pub 140-2 include tests which can be used for this.
It is for this reason that SSL 3. 0 implementations cannot be validated under FIPS 140-2.
This led to simpler implementations and certifications for Common Criteria and FIPS 140-2, which require each cryptographic implementation to be separately validated.
FIPS 140-2
OpenSSL is one of the few open source programs to be involved with validation under the FIPS 140-2 computer security standard by the National Institute of Standards and Technology's ( NIST ) Cryptographic Module Validation Program ( CMVP ).
Standards for zeroisation are specified in ANSI X9. 17 and FIPS 140-2.
The Federal Information Processing Standard ( FIPS ) Publication 140-2, FIPS PUB 140-2, is a U. S. government computer security standard used to accredit cryptographic modules.
Federal agencies and departments can validate that the module in use is covered by an existing FIPS 140-1 or FIPS 140-2 certificate that specifies the exact module name, hardware, software, firmware, and / or applet version numbers.
FIPS 140-2 establishes the Cryptographic Module Validation Program ( CMVP ) as a joint effort by the NIST and the Communications Security Establishment ( CSE ) for the Canadian government.
FIPS 140-2 defines four levels of security, simply named " Level 1 " to " Level 4 ".
The FIPS 140-2 standard is an information technology security accreditation program for cryptographic modules produced by private sector vendors who seek to have their products certified for use in government departments and regulated industries ( such as financial and health-care institutions ) that collect, store, transfer, share and disseminate sensitive but unclassified ( SBU ) information.
Cryptographic modules are tested against requirements found in FIPS PUB 140-2, Security Requirements for Cryptographic Modules.
Items on the FIPS 140-1 and FIPS 140-2 validation list reference validated algorithm implementations that appear on the algorithm validation lists.
FIPS PUB 140-2 Annexes:
* FIPS PUB 140-2
* FIPS 140-2 Standard
* Additional FIPS 140-2 Information on Google Knol

FIPS and Security
In 1976, after consultation with the National Security Agency ( NSA ), the NBS eventually selected a slightly modified version, which was published as an official Federal Information Processing Standard ( FIPS ) for the United States in 1977.
** FIPS Mode, software based on Network Security Services complying with FIPS 140
* FIPS 140 Security requirements for cryptography modules
* FIPS PUB 31 Guidelines for Automatic Data Processing Physical Security and Risk Management 1974
* FIPS PUB 73 Guidelines for Security of Computer Applications 1980
* FIPS PUB 102 Guideline for Computer Security Certification and Accreditation 1983
* FIPS PUB 191 Guideline for the Analysis of local area network Security 1994
The CMVP ( and the associated FIPS 140-2 standard ) is administrated by the US National Institute of Standards and Technology ( NIST ) and the Canadian Communications Security Establishment ( CSE ).
The first mandatory security standard required by the FISMA legislation, FIPS 199 " Standards for Security Categorization of Federal Information and Information Systems " provides the definitions of security categories.
These requirements are defined in the second mandatory security standard required by the FISMA legislation, FIPS 200 " Minimum Security Requirements for Federal Information and Information Systems ".

0.467 seconds.