Question Four a) Based on what the Federal Information Processing Standard 199 (
Question
Question Four
a) Based on what does the Federal Information Processing Standard 199 (FIPS-199)
require information owners to classify information and information systems?
Provide a detailed answer.
b) Are there any differences between classifying governmental information and
commercial information? And are there any common levels of classification
that have been used to classify governmental information and commercial
information? Explain your answers and support them with examples (NOT
from the book or slides).
c) Can a company make a change to classified information? Assume now that a
company feels that such information needs higher protection, or the company
decides to make some information that was classified as secret accessible to the
public. Here, is there any mechanism or process that allows a change in
classified information? Explain your answers and support them with
examples (NOT from the book or slides).
Explanation / Answer
The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptography modules that include both hardware and software components. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.[3]
Federal agencies and departments will validate that the module in use is covered by an existing FIPS 140-1 or FIPS 140-2 certificate that specifies the precise module name, hardware, software, firmware, and/or application program version numbers. The cryptographic modules are produced by the private sector or open source communities for use by the U.S. government and other regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and disseminate sensitive but unclassified (SBU) information. A commercial cryptographic module is also commonly referred to as a hardware security module.
Security levels
FIPS 140-2 defines four levels of security, simply named "Level 1" to "Level 4". It does not specify in detail what level of security is required by any particular application.
Level 1
Security Level 1 provides the lowest level of security. Basic security requirements are specified for a cryptographic module (e.g., at least one Approved algorithm or Approved security function shall be used). No specific physical security mechanisms are required in a Security Level 1 cryptographic module beyond the basic requirement for production-grade components. An example of a Security Level 1 cryptographic module is a personal computer (PC) encryption board.
Level 2
Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.
Level 3
In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module. The physical security mechanisms may include the use of strong enclosures and tamper-detection/response circuitry that zeroes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.
Level 4
Security Level 4 provides the highest level of security.
At this security level, the physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access.
Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate deletion of all plaintext CSPs.
Security Level 4 cryptographic modules are useful for operation in physically unprotected environments. Security Level 4 also protects a cryptographic module against a security compromise due to environmental conditions or fluctuations outside of the module's normal operating ranges for voltage and temperature. Intentional excursions beyond the normal operating ranges may be used by an attacker to thwart a cryptographic module's defenses. A cryptographic module is required to either include special environmental protection features designed to detect fluctuations and delete CSPs, or to undergo rigorous environmental failure testing to provide a reasonable assurance that the module will not be affected by fluctuations outside of the normal operating range in a manner that can compromise the security of the module.
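The tamper-response behaviour described for Levels 2 to 4, as an added example that is not part of the original answer: a small C model in which a cover-open event wipes plaintext CSPs only at Level 3 and above, and a voltage or temperature excursion wipes them only at Level 4. The type and function names, the 32-byte CSP buffer and the operating ranges are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CSP_LEN 32
/* Constructed normal operating ranges (assumptions, not from FIPS 140-2). */
enum { V_MIN_MV = 3000, V_MAX_MV = 3600, T_MIN_C = -20, T_MAX_C = 70 };

typedef struct {              /* hypothetical module model */
    int level;                /* FIPS 140-2 security level, 1..4 */
    uint8_t csp[CSP_LEN];     /* plaintext CSPs held inside the module */
    bool zeroized;
} module_t;

typedef struct { bool cover_open; int voltage_mv; int temp_c; } sensors_t;

module_t make_module(int level) {
    module_t m = { .level = level, .zeroized = false };
    for (size_t i = 0; i < CSP_LEN; i++) m.csp[i] = 0xA5; /* constructed key bytes */
    return m;
}

/* Volatile writes keep the compiler from dropping the wipe as a dead store. */
static void zeroize(module_t *m) {
    volatile uint8_t *p = m->csp;
    for (size_t i = 0; i < CSP_LEN; i++) p[i] = 0;
    m->zeroized = true;
}

/* Process one sensor sample; returns true if it caused the CSPs to be wiped. */
bool tamper_step(module_t *m, const sensors_t *s) {
    bool out_of_range = s->voltage_mv < V_MIN_MV || s->voltage_mv > V_MAX_MV ||
                        s->temp_c < T_MIN_C || s->temp_c > T_MAX_C;
    bool physical = m->level >= 3 && s->cover_open;     /* Level 3+: tamper response */
    bool environmental = m->level >= 4 && out_of_range; /* Level 4: environmental protection */
    if (m->zeroized || !(physical || environmental)) return false;
    zeroize(m);
    return true;
}

bool csp_is_clear(const module_t *m) {
    for (size_t i = 0; i < CSP_LEN; i++) if (m->csp[i] != 0) return false;
    return true;
}

int main(void) {
    sensors_t glitch = { false, 1800, 25 };  /* constructed undervoltage sample */
    module_t l3 = make_module(3), l4 = make_module(4);
    tamper_step(&l3, &glitch);
    tamper_step(&l4, &glitch);
    printf("L3 wiped: %d, L4 wiped: %d\n", csp_is_clear(&l3), csp_is_clear(&l4));
    return 0;
}
```

The model covers only the Level 4 option of built-in environmental protection features; a module that instead relies on environmental failure testing would have no such runtime trigger.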