With concerns about account leaks, phishing and fraud growing rapidly, more and more companies are aware of these risks and are beginning to take action to improve their security controls. The Federal Information Processing Standard (FIPS) 140-2 encryption standard, developed by the National Institute of Standards and Technology (NIST) and the Canadian Communications Security Establishment, is being accepted by an increasing number of security-sensitive enterprises. FIPS 140-2 is also the basis for the draft ANSI X9.66 standard for financial institutions. As a security standard based on third-party validation, FIPS 140-2 is now empowered by the federal government to ensure the security of enterprise data, which enables companies to meet the IT information security requirements of a variety of federal regulations.

The FIPS 140-2 standard covers sensitive but unclassified information. It defines four levels of encryption and security based on the sensitivity of the data (e.g., administrative data, million-dollar transactions, life-protection data) and the diversity of the application environment (for example, guarded facilities, offices, completely unprotected environments). Each security level provides higher security than the previous one. Together, these four security levels provide cost-effective solutions for different data sensitivities and environments.

Level 1 is the lowest FIPS 140-2 security level. Examples of products with Level 1 security include PC encryption and software that runs on PCs and supports a single user. At Level 2, the cryptographic module must run on a validated operating system and hardware and provide tamper evidence and role-based authentication.
Levels 3 and 4 add further protection requirements (such as identity-based authentication), additional physical security mechanisms to prevent intruders from obtaining critical security parameters, and monitoring techniques to ensure the integrity of the cryptographic module in the device's operating environment.

FIPS-compliant cryptographic products typically allow a secure FIPS mode to be enabled selectively. Many of the changes that FIPS requirements bring are not visible to users, while others are obvious. For example, when FIPS mode is enabled on a console server, many of the less secure features, protocols and ciphers are turned off and the higher-security options are set. Typical changes include disabling the use of plaintext passwords, as in Telnet, rlogin or directory access protocols, requiring passwords longer than 6 characters, and strictly restricting operating system access.

Products that obtain FIPS 140-2 certification undergo thorough review and testing by a NIST-approved body, including a direct review of the source code, to ensure the trustworthiness of the product's cryptographic algorithms, loading methods, operating system, file data, operating software and hardware. Information about a product is published on the NIST website in that product's security policy, together with a validation certificate. The security policy includes the certified version information, instructions for enabling FIPS mode, specific details about roles and the certified product, approved and non-approved cryptographic functions, critical security parameters, and other relevant information.

The FIPS 140-2 certificate is critical to product quality. NIST says it found and handled security vulnerabilities in more than 48% of the 168 products tested.
Currently, more than 150 vendors offer a variety of commercially available hardware and software products that have obtained FIPS 140-2 certification. The FIPS 140-2 certificate provides an independent security standard for many devices and is an excellent starting point for improving security.

(Responsible editor: ZHAOHB)