Saturday, December 19, 2009

NIST Releases FIPS 140-3 Draft

Via (Dec 14, 2009) -

The National Institute of Standards and Technology released on Friday a revised draft to security metrics used by federal agencies to test how well their computer systems fight off hacking attempts.

NIST announced the new draft of the Federal Information Processing Standard 140-3, "Security Requirements for Cryptographic Modules," which guides agencies in their efforts to protect sensitive data. The standard specifies the security requirements for information systems' cryptographic modules, which provide services for confidentiality, integrity and authentication of information. A computer system's cryptographic modules might enforce password rules, for example, or data encryption requirements.

"FIPS 140-3 adds new security features that reflect recent advances in technology and security methods," said the draft document, which includes requirements for ensuring data protection in software applications and preventing non-invasive attacks that can be performed against a security application without direct physical contact.

No comments:

Post a Comment