BUSCA

Links Patrocinados

Destaques NetSaber:
- Apostilas para Concursos Públicos
- Resumo de O Mundo de Sofia
- Telecurso 2000
- Apostila para Concursos
- Apostilas de Direito
- Apostilas de Contabilidade
- Resumo de O Guarani
- Resumo de Iracema
- Resumo de Dom Quixote
- Apostilas de Inglês
- Resumo de Dom Casmurro
- Apostilas de Informática
- Resumo de A Moreninha
- Apostilas para Vestibular
- Resumo de A Arte da Guerra
- Receitas Culinárias
- Dicionário de Português
- Frases e Citações
- Interpretação dos Sonhos
- Fontes Grátis
- Notícias
- Artigos
- Artigos sobre Fisioterapia
- Livros de Machado de Assis
- Livros de Casimiro de Abreu
- Download de Livros
- Livros de Filosofia
- Livros de Administração
- Livros de Direito
- Livros de Agronomia

FIPS 140-1 became a mandatory standard for the protection of sensitive data when the Secretary of Commerce signed the standard on January 11, 1994. FIPS 140-2 supercedes FIPS 140-1 and the standard was signed on May 25, 2001. The applicability statement from FIPS 140-2
7. Applicability. This standard is applicable to all Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems) as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106. This standard shall be used in designing and implementing cryptographic modules that Federal departments and agencies operate or are operated for them under contract. Cryptographic modules that have been approved for classified use may be used in lieu of modules that have been validated against this standard. The adoption and use of this standard is available to private and commercial organizations.
Unvalidated Cryptographic Modules by Federal Agencies and Departments

FIPS 140-2 precludes the use of unvalidated cryptography for the cryptographic protection of sensitive or valuable data within Federal systems. Unvalidated cryptography is viewed by NIST as providing no protection to the information or data ? in effect the data would be considered unprotected plaintext. If the agency specifies that the information or data be cryptographically protected, then FIPS 140-2 is applicable. In essence, if cryptography is required, then it must be validated.
With the passage of the Federal Information Security Management Act (FISMA) of 2002, there is no longer a statutory provision to allow for agencies to waive mandatory Federal Information Processing Standards (FIPS). The waiver provision had been included in the Computer Security Act of 1987; however, FISMA supercedes that Act. Therefore, the references to the "waiver process" contained in many of the FIPS listed below are no longer operative.
As background, below is a list of facts found in FIPS 140-2 and other supporting NIST documents:

Cryptography: The discipline which embodies principles, means and methods for the transformation of data to hide its information content, prevent its undetected modification, prevent its unauthorized use or a combination thereof. [ANSI X9.31]
Cryptography deals with the transformation of ordinary text (plaintext) into coded form (ciphertext) by encryption and transformation of ciphertext into plaintext by decryption. [NIST SP 800-2]
The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security in its computer and telecommunication systems. This standard [FIPS 140-2] provides a standard that will be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. [FIPS 140-2]
The FIPS 140-2 standard is applicable to all Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems) as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106. [FIPS 140-2]
FIPS 140-2 shall be used in designing and implementing cryptographic modules that Federal departments and agencies operate or are operated for them under contract. [FIPS 140-2]
With the passage of the Federal Information Security Management Act (FISMA) of 2002, there is no longer a statutory provision to allow for agencies to waive mandatory Federal Information Processing Standards (FIPS). The waiver provision had been included in the Computer Security Act of 1987; however, FISMA supercedes that Act. Therefore, the references to the "waiver process" contained in many of the FIPS are no longer operative