The IT Law Wiki
Register
mNo edit summary
Tag: sourceedit
 
(One intermediate revision by the same user not shown)
Line 6: Line 6:
   
 
FIPS 140-2 specifies the [[security]] requirements for a [[cryptographic module]] used within a [[security system]] protecting [[sensitive information]] in [[computer system|computer]] and [[telecommunication]] [[system]]s (including [[voice system]]s) and provides four increasing, qualitative levels of [[security]] intended to cover a wide range of potential applications and environments. Agencies are required to [[encrypt]] agency [[data]], where appropriate, using [[NIST]]-validated [[cryptographic module]]s as specified in FIPS 140-2.
 
FIPS 140-2 specifies the [[security]] requirements for a [[cryptographic module]] used within a [[security system]] protecting [[sensitive information]] in [[computer system|computer]] and [[telecommunication]] [[system]]s (including [[voice system]]s) and provides four increasing, qualitative levels of [[security]] intended to cover a wide range of potential applications and environments. Agencies are required to [[encrypt]] agency [[data]], where appropriate, using [[NIST]]-validated [[cryptographic module]]s as specified in FIPS 140-2.
  +
  +
This [[standard]] is used to ensure [[encryption technologies]] used by the U.S. Government meet minimally acceptable requirements and can demonstrate an acceptable level of conformance to the [[standard]] that is commensurate with the [[risk]] the U.S. Government finds acceptable when using [[encryption technologies]] to protect U.S. Government [[information]] and [[information system]]s.
 
[[Category:Publication]]
 
[[Category:Publication]]
 
[[Category:Security]]
 
[[Category:Security]]
 
[[Category:Encryption]]
 
[[Category:Encryption]]
  +
[[Category:2001]]

Latest revision as of 05:51, 26 August 2015

Citation[]

NIST, Security Requirements for Cryptographic Modules (FIPS 140-2) (May 25, 2001) (full-text).

Overview[]

FIPS 140-2 specifies the security requirements for a cryptographic module used within a security system protecting sensitive information in computer and telecommunication systems (including voice systems) and provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. Agencies are required to encrypt agency data, where appropriate, using NIST-validated cryptographic modules as specified in FIPS 140-2.

This standard is used to ensure encryption technologies used by the U.S. Government meet minimally acceptable requirements and can demonstrate an acceptable level of conformance to the standard that is commensurate with the risk the U.S. Government finds acceptable when using encryption technologies to protect U.S. Government information and information systems.