Archive for fips


Using a Home Email Server for Federal Govt Business

The following article was published in March of 2015, but it’s worth a fresh look since we now know much more about Hillary Clinton’s home email server. Specifically, the requirement for assessment and authorization seems to have been ignored completely in the media stories. The State Department CIO had specific responsibility for this and the […]

FISMA Law vs Home Email Server

Working for a federal agency that has IT functions regulated by public law and running an email server from home to use for agency business seems problematic, but it may be possible. Here are some of the laws and regulations that come into play: FISMA – PUBLIC LAW 107–347, DEC. 17 2002 is known as […]

FIPS Validated Encryption

FIPS 140-2 is the current (soon to be revised to FIPS 140-3) NIST encryption standard for government agencies protecting sensitive but unclassified information. NIST operates a Cryptographic Module Validation Program (CMVP) that offers testing of encryption (cryptographic modules) in products to ensure they are compliant with the FIPS standard. This testing involves not only which […]


FISMA – Federal Information Security Management Act of 2002 (aka Title III of E-Govt Act of 2002, pub law 107-347)

Key documents associated with FISMA:

FIPS 199 – Security Categorization
FIPS 200 – Minimum Security Requirements
NIST SP 800-53 – Security Controls

SEE ALSO: Introduction to 800-53 Controls

FIPS […]