FIPS .
-
Upload
griselda-dean -
Category
Documents
-
view
212 -
download
0
Transcript of FIPS .
• FIPS
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Network Security Services - FIPS 140 validation and NISCC testing
1 The NSS software crypto module has been validated five times (1997, 1999, 2002,
2007, and 2010) for conformance to FIPS 140 at Security Levels 1 and 2. NSS was
the first open source cryptographic library to receive FIPS 140 validation. The NSS
libraries passed the National Infrastructure Security Co-ordination Centre|NISCC TLS/SSL and S/MIME test suites (1.6
million test cases of invalid input data).
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 31 Guidelines for Automatic Data Processing Physical Security and Risk
Management 1974
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 46-3 Data Encryption Standard
(Data Encryption Standard|DES) 1999
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 73 Guidelines for
Security of Computer
Applications 1980https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 74 Guidelines for Implementing and Using the National
Institute of Standards and Technology|NBS Data Encryption
Standard 1981
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 81 Data Encryption Standard|DES Modes of
Operation 1980
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 102 Guideline for Computer Security Certification and Accreditation 1983
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 112 Password Usage 1985, defines 10 factors to be considered in
access control systems that are based on passwords
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 113 Computer Data Authentication 1985, specifies a Data
Authentication Algorithm (DAA) based on Data Encryption Standard|DES, adopted by the U.S. Treasury
Department|Department of Treasury and the banking community to
protect electronic fund transfers.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 140-2 Security Requirements for Cryptographic
Modules 2001, defines four increasing security levels
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 171 Key Management Using American National Standards Institute|ANSI X9.17 (ANSI X9.17-
1985) 1992, based on Data Encryption Standard|DES
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 180-2 Secure Hash Standard (SHS) 2002 defines the
Secure Hash Algorithm (disambiguation)|SHA family
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 181 Automated Password Generator (APG) 1993
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 185 Escrowed Encryption Standard (EES) 1994, a key escrow
system that provides for decryption of telecommunications when lawfully
authorized.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 186-2 Digital Signature Standard (Digital Signature Algorithm|DSS) 2000
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 190 Guideline for the Use of Advanced Authentication Technology
Alternatives 1994
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 191 Guideline for the Analysis of local
area network Security 1994
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 196 Entity Authentication Using Public key cryptography|Public Key
Cryptography 1997
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 197 Advanced Encryption Standard (Advanced Encryption Standard|AES) 2001
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)
1 *FIPS PUB 198 The Keyed-Hash Message Authentication Code
(HMAC) 2002
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2
1 The 'Federal Information Processing Standard' ('Federal Information
Processing Standard|FIPS') Publication 140-2, (FIPS PUB 140-2)
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - Purpose
1 The National Institute of Standards and Technology (NIST) issued the
FIPS 140 Publication Series to coordinate the requirements and
standards for cryptography modules that include both hardware and
software components
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - Purpose
1 Federal agencies and departments can validate that the module in use is covered by an existing FIPS 140-1
or FIPS 140-2 certificate that specifies the exact module name,
hardware, software, firmware, and/or applet version numbers
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - Security Levels
1 FIPS 140-2 defines four levels of security, simply named Level 1 to
Level 4. It does not specify in detail what level of security is required by
any particular application.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - Cryptographic Module Validation Program
1 FIPS 140-2 establishes the CMVP|Cryptographic Module Validation
Program (CMVP) as a joint effort by the NIST and the Communications
Security Establishment (CSE) for the Canada|Canadian government.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - FIPS 140-2 testing in this program
1 The FIPS 140-2 standard is an information technology security
accreditation program for cryptographic modules produced by private sector vendors who seek to have their products certified for use
in government departments and regulated industries (such as
financial and health-care institutions) that collect, store, transfer, share
and disseminate sensitive but unclassified (SBU) information.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - Laboratories doing the testing
1 Cryptographic modules are tested against requirements found in FIPS PUB 140-2, Security Requirements
for Cryptographic Modules
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - Validation
1 NIST maintains validation lists for all of its cryptographic standards testing
programs (past and present). All of these lists are updated as new
modules/implementations receive validation certificates from NIST and
CSE. Items on the FIPS 140-1 and FIPS 140-2 validation list reference
validated algorithm implementations that appear on the algorithm
validation lists.https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - Annexes
1 * Annex A: [http://csrc.nist.gov/publications/fips/f
ips140-2/fips1402annexa.pdf Approved Security Functions] (Draft
01-04-2011)
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - Annexes
1 * Annex B: [http://csrc.nist.gov/publications/fips/f
ips140-2/fips1402annexb.pdf Approved Protection Profiles] (Draft
06-14-2007)
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - Annexes
1 * Annex C: [http://csrc.nist.gov/publications/fips/f
ips140-2/fips1402annexc.pdf Approved Random Number
Generators] (Draft 11-22-2010)
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - Annexes
1 * Annex D: [http://csrc.nist.gov/publications/fips/f
ips140-2/fips1402annexd.pdf Approved Key Establishment
Techniques] (Draft 01-04-2011)
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140-2 - Reception
1 Steven Marquess therefore argues that the FIPS process inadvertently
encourages hiding software's origins, to de-associate it from defects since
found in the original, while potentially leaving the certified copy
vulnerable.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
AFIPS
1 The 'American Federation of Information Processing Societies'
(AFIPS) was an umbrella organization of professional society|professional
societies established on May 10, 1961 and dissolved in 1990. Its
mission was to advance knowledge in the field of information science,
and to represent its member societies in international forums.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
AFIPS - History
1 AFIPS represented these societies in the International Federation for
Information Processing (IFIP), formed a year earlier under the auspices of
UNESCO.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
AFIPS - History
1 In 1962, AFIPS took over sponsorship of the EJCC and WJCC and renamed
them the Joint Computer Conference|Spring and Fall Joint Computer
Conferences. In 1973, the two were merged in the Joint Computer
Conference|National Computer Conference (NCC), which ran
annually until it was discontinued in 1987. https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
AFIPS - History
1 AFIPS also sponsored smaller conferences such as the Office
Automation Conference, published the Annals of the History of
Computing and other magazines, and presented an annual award -- the Harry Goode Memorial Award --
recognizing outstanding achievement in information processing.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
AFIPS - History
1 AFIPS was dissolved in 1990. The IEEE Computer Society (IEEE-CS) became the
sponsor of the Goode Award, and took over publication of Annals (renamed the IEEE
Annals of the History of Computing). The IEEE-CS also joined the ACM to form the Federation on Computing in the United States (FOCUS) in 1991, to take the place of AFIPS as the United
States’ representative in IFIP. In 1999, IFIP accepted separate membership for both IEEE-
CS and ACM, and FOCUS was dissolved.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
AFIPS - Structure
1 The conferences were managed by a conference board, which set the
overall direction and policies of the conferences, coordinated the actions
of the Conference Steering Committee and the National
Computer Conference Committee, and referred problems to appropriate committees such as the finance and
executive committees of AFIPShttps://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS place code
1 'Federal Information Processing Standards' ('FIPS') are publicly announced standardizations
developed by the United States federal government for use in
computer systems by all non-military government agencies and by
government contractors, when properly invoked and tailored on a contract. The purpose of FIPS is to ensure that all federal government and agencies adhere to the same guidelines regarding security and
communication.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS place code
1 Many FIPS pronouncements are modified versions of standards used in the technical communities, such as the American National Standards
Institute (ANSI), the Institute of Electrical and Electronics Engineers
(IEEE), and the International Organization for Standardization
(ISO).
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS place code - Standard publications
1 The U.S. government developed many FIPS pronouncements to
standardize codes: for instance, standards for encoding data (such as
country codes), but more significantly some encryption standards, such as the Data
Encryption Standard (FIPS 46-3[http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf FIPS 46-3]) and the Advanced Encryption Standard
(FIPS 197[http://csrc.nist.gov/publications/f
ips/fips197/fips-197.pdf FIPS 197])
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS place code - Standard publications
1 In 1994 NOAA began broadcasting coded signals called FIPS (Federal Information Processing System) codes along with their standard weather-broadcasts from local
stations. These codes identify the type of emergency and the specific geographic area, such as a county,
affected by the emergency.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS place code - Withdrawal of geographic codes
1 states (FIPS 5-2), and county (United States)|
counties (FIPS 6-4)
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS place code - Withdrawal of geographic codes
1 FIPS 8-6 Metropolitan Areas and 9-1
Congressional Districts of the U.S
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS place code - Withdrawal of geographic codes
1 Until then, previously issued FIPS place codes, renamed Census Code,
will continue to be used, with the Census bureau assigning new codes
as needed for their internal use during the transition.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 10-4
1 The 'Federal Information Processing Standard|FIPS 10-4' standard,
Countries, Dependencies, Areas of Special Sovereignty, and Their
Principal Administrative Divisions, lists two-letter country codes that are
used by the U.S. Government for geographical data processing in
many publications, such as the CIA World Factbook. The standard is also known as DAFIF 0413 ed 7 Amdt. No. 3 (November 2003) and as DIA 65-18 (Defense Intelligence Agency, 1994,
Geopolitical Data Elements and Related Features).
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 10-4
1 The FIPS 10-4 codes are similar to (but sometimes incompatible with)
the ISO 3166-1 alpha-2 country codes. The standard also includes
codes for the top-level subdivision of the countries, similar to but usually incompatible with the ISO 3166-2
standard.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 10-4
1 On September 2, 2008, FIPS 10-4 was one of ten standards withdrawn
by NIST as a Federal Information Processing Standard.Federal
Register, September 2, 2008 (Volume 73, Number 170), page 51276 The
National Geospatial-Intelligence Agency however still maintains the list and publishes regular updates.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
List of FIPS country codes
1 This is a list of 'Federal Information Processing Standard|FIPS
10-4' List of FIPS region codes|country codes for Countries,
Dependencies, Areas of Special Sovereignty, and Their Principal
Administrative Divisions.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
List of FIPS country codes
1 The FIPS standard includes both the codes for independent countries
(similar but sometimes incompatible with the ISO 3166-1 alpha-2
standard) and the codes for top-level subdivision of the countries (similar to but usually incompatible with the ISO 3166-2 standard). The ISO 3166
codes are used by the United Nations and for Internet top-level country
code domains.https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
List of FIPS country codes
1 On September 2, 2008, FIPS 10-4 was one of ten standards withdrawn
by NIST as a Federal Information Processing Standard. It was replaced
in the U.S. Government by the Geopolitical Entities, Names, and
Codes (GENC), which is based on ISO 3166.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
List of FIPS country codes - Resources
1 Updates to previous version of the standard (before FIPS-10 was
withdrawn in September 2008) are at:
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
List of FIPS country codes - Resources
1 * FIPS PUB 10-4: Federal Information Processing Standard 10-4:
[http://earth-info.nga.mil/gns/html/FIPS10-4_match.pdf Countries,
Dependencies, Areas of Special Sovereignty, and Their Principal
Administrative Divisions], April 1995
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Federal Information Processing Standard state code - FIPS state codes
1 The following table enumerates the FIPS state alpha and numeric codes
for the states, the District of Columbia, the outlying areas of the United States, the freely associated states, and trust territory, and FIPS
state numeric codes for the individual minor outlying island
territories.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Federal Information Processing Standard state code - FIPS state codes
1 Only actual U.S. states and the District of Columbia had FIPS state
numeric codes in the range 01 through 56.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Federal Information Processing Standard state code - FIPS state codes
1 FIPS PUB 5-1 (published on June 15, 1970 and superseded by FIPS PUB 5-
2 on May 28, 1987) stated that certain numeric codes are reserved for possible future use in identifying American Samoa (03), Canal Zone (07), Guam (14), Puerto Rico (43), and Virgin Islands (52), but these
codes were omitted from FIPS PUB 5-2 without comment. These areas are marked with a * and highlighted in
red in the table below.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Federal Information Processing Standard state code - FIPS state codes
1 For states, the Status column in the table below includes a link to a list of the counties (boroughs and census
areas in Alaska; parishes in Louisiana) for that state including the county codes as defined in FIPS PUB 6-4. The listings of counties for other areas are set out at the end of this
article.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS county code
1 On September 2, 2008, FIPS 6-4 was one of ten standards withdrawn by
NIST as a Federal Information Processing Standard.Federal
Register, September 2, 2008 (Volume 73, Number 170), page 51276 FIPS 6-
4 was replaced by INCITS 31:2009.http://www.nist.gov/itl/upload/FIPSCodesReplacementChart2012.pdf FIPS Codes Replacement Chart
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS county code
1 County FIPS codes in the United States are usually (with a few
exceptions) in the same sequence as alphabetized county names within the state. They are usually (but not
always) odd numbers, so that new or changed county names can be fit in
their alphabetical sequence slot.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 201
1 'FIPS 201' ('Federal Information Processing Standards|Federal
Information Processing Standard Publication 201') is a Federal
government of the United States|United States federal government standard that specifies 'Personal
Identity Verification' ('PIV') requirements for Federal employees
and contractors.https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 201
1 In response to HSPD-12, the National Institute of Standards and
Technology|NIST Computer Security Division initiated a new program for
improving the identification and authentication of Federal employees and contractors for access to Federal
facilities and information systems. FIPS 201 was developed to satisfy
the technical requirements of HSPD-12, approved by the United States
Secretary of Commerce|Secretary of Commerce, and issued on February
25, 2005.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 201
1 FIPS 201 together with National Institute of Standards and Technology|NIST SP 800-78
(Cryptographic Algorithms and Key Sizes for PIV) are required for U.S.
Federal Agencies, but do not apply to US National Security systems.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 201
1 The Government Smart Card Interagency Advisory Board has
indicated that to comply with FIPS 201 PIV II, US government agencies should use smart card technology.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140
1 The 140 series of 'Federal Information Processing Standards' (Federal Information Processing
Standard|FIPS) are United States|U.S. government of the United States|government computer security standardization|standards that
specify requirements for cryptographic|cryptography modules. , the current version of the standard
is FIPS 140-2, issued on 25 May 2001.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Purpose of FIPS 140
1 FIPS 140 does not purport to provide sufficient conditions to guarantee that a module conforming to its
requirements is secure, still less that a system built using such modules is
secure
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Purpose of FIPS 140
1 User agencies desiring to implement cryptographic modules should
confirm that the module they are using is covered by an existing
validation certificate. FIPS 140-1 and FIPS 140-2 validation certificates specify the exact module name,
hardware, software, firmware, and/or applet version numbers. For Levels 2
and higher, the operating platform upon which the validation is
applicable is also listed. Vendors do not always maintain their baseline
validations.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Purpose of FIPS 140
1 The Government of Canada also recommends the use of FIPS 140
validated cryptographic modules in unclassified applications of its
departments.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Security levels
1 * FIPS 140-2 Level 1 the lowest, imposes very limited requirements;
loosely, all components must be production-grade and various
egregious kinds of insecurity must be absent.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Security levels
1 * FIPS 140-2 Level 2 adds requirements for physical tamper-evidence and role-based
authentication.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Security levels
1 * FIPS 140-2 Level 3 adds requirements for physical tamper-resistance (making it difficult for
attackers to gain access to sensitive information contained in the module)
and identity-based authentication, and for a physical or logical
separation between the interfaces by which critical security parameters
enter and leave the module, and its other interfaces.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Security levels
1 * FIPS 140-2 Level 4 makes the physical security requirements more stringent, and requires robustness
against environmental attacks.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Security levels
1 Thus, a criticism of FIPS 140-2 is that the standard gives a false sense of
security at Levels 2 and above because the standard implies that
modules will be tamper-evident and/or tamper-resistant, yet modules are permitted to have side channel
vulnerabilities that allow simple extraction of keys.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Scope of requirements
1 FIPS 140 imposes requirements in eleven different
areas:
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Brief history
1 FIPS 140-1, issued on 11 January 1994, was developed by a
government and industry working group, composed of vendors and
users of cryptographic equipment. The group identified the four security levels and eleven requirement areas
listed above, and specified requirements for each area at each
level.https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Brief history
1 FIPS 140-2, issued on 25 May 2001, takes account of changes in available
technology and official standards since 1994, and of comments
received from the vendor, tester, and user communities. It was the main input document to the international standard International Organization for Standardization|ISO/International
Electrotechnical Commission|IEC ISO/IEC 19790|19790:2006 Security
requirements for cryptographic modules issued on 1 March 2006.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
FIPS 140 - Brief history
1 FIPS 140-3 is a new version of the standard which is currently under development. In
the first draft version of the FIPS 140-3 standard, NIST introduced a new software
security section, one additional level of assurance (Level 5) and new Simple Power
Analysis (SPA) and Differential Power Analysis (DPA) requirements. The draft
issued on 11 Sep 2009, however, reverted to four security levels and limits the security
levels of software to levels 1 and 2.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Counties of Pennsylvania - FIPS code
1 The Federal Information Processing Standard (FIPS) code, used by the
United States government to uniquely identify counties, is
provided with each entry. FIPS codes are five-digit numbers; for
Pennsylvania the codes start with 42 and are completed with the three-
digit county code. The FIPS code for each county in the table links to
census data for that county.https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
For More Information, Visit:
• https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
The Art of Servicehttps://store.theartofservice.com