| 翻訳と辞書 |
FIPS 140-3
The ''Federal Information Processing Standard'' (FIPS) Publication 140-3 (July 2007 Draft) was a proposed update to the U.S. government computer security standard used to accredit cryptographic modules. The title of the standard is ''Security Requirements for Cryptographic Modules'' and FIPS 140-2 remains the currently approved version. The FIPS 140-3 (2013 Draft) was scheduled for signature by the Secretary of Commerce in August 2013, however that never happened and the draft was subsequently abandoned. In 2014, NIST released a substantially different draft of FIPS 140-3, this version effectively directing the use of an International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) standard, 19790:2012, as the replacement for FIPS 140-2. The 2014 draft of FIPS 140-3 was also abandoned. On August 12, 2015, NIST formally released a statement on the Federal Register asking for comments on the potential use of portions of ISO/IEC 19790:2014 in the update of FIPS 140-2. The reference to a 2014-version of ISO/IEC 19790 was an inadvertent error in the Federal Registry posting, as 2012 is the most recent version.
FIPS 140-3 (2013 Draft) was developed following the discovery of a major security flaw in the cryptographic algorithmic tolerance of its predecessor. The new, hardened draft had a separate section for software security; required mitigation of non-invasive attacks when validating at higher security levels; introduced the concept of public security parameters; allowed the deference of certain self-tests until specific conditions are met; and strengthened the requirements on user authentication and integrity testing. It remains unclear whether these issues will be addressed in the ultimately approved release of FIPS 140-3.
==Purpose==
The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptography modules that include both hardware and software components. Federal agencies and departments can validate that the module in use is covered by an existing FIPS 140-2 certificate that specifies the exact module name, hardware, software, firmware, and/or applet version numbers. The cryptographic modules are produced by the private sector or open source communities for use by the U.S. government and other regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and disseminate sensitive but unclassified (SBU) information. A commercial cryptographic module is also commonly referred to as a Hardware Security Module.
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』
■ウィキペディアで「FIPS 140-3」の詳細全文を読む
スポンサード リンク
| 翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|