SPE1.1.0.2
REGULATIONS AND STANDARDS

USED TERMS
- National security means the national defense or foreign relations of the United States.
- Information means any knowledge that can be communicated or documentary material, regardless of its physical form or characteristics, that is owned by, produced by or for, or is under the control of the United States Government.
- Control means the authority of the agency that originates information, or its successor in function, to regulate access to the information.
- Classified national security information (hereafter classified information) means information that has been determined pursuant to this order or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.
- Unauthorized disclosure means a communication or physical transfer of classified information to an unauthorized recipient.
- Damage to the national security means harm to the national defense or foreign relations of the United States from the unauthorized disclosure of information, to include the sensitivity, value, and utility of that information.
- The Digital Millennium Copyright Act (DMCA) is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works (commonly known as digital rights management or DRM). It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself. In addition, the DMCA heightens the penalties for copyright infringement on the Internet. Passed on October 12, 1998, by a unanimous vote in the United States Senate and signed into law by President Bill Clinton on October 28, 1998, the DMCA amended Title 17 of the United States Code to extend the reach of copyright, while limiting the liability of the providers of online services for copyright infringement by their users.
DIFFERENT SECURITY LEVELS
Classified information is marked at one of three levels, according to the damage its unauthorized disclosure could reasonably be expected to cause to the national security:
- Top Secret (exceptionally grave damage)
- Secret (serious damage)
- Confidential (damage)
Several kinds of new or emerging technology offer considerable potential for new types of personal data protection. No such technology by itself makes a computer system "Top Secret"-grade, however: the level describes the sensitivity of the information and the assurance required of the system that handles it, not a feature a product can guarantee.
In cryptography, the security level is a measure of the strength of a cryptographic primitive such as a cipher or hash function.
It is expressed in bits: n-bit security means that an attacker would have to perform on the order of 2^n operations to break the primitive.
For example, AES-128 (key size 128 bits) is designed to offer a 128-bit security level, which NIST SP 800-57 treats as roughly equivalent to 3072-bit RSA.
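The bit-counting rule above has a concrete form. What follows is an added example, not code from the original page: it implements the generic attack bounds behind "n-bit security" (exhaustive key search for a symmetric cipher, the birthday bound for a hash, and a GNFS-based heuristic for RSA that is assumed here for illustration, with NIST SP 800-57 remaining the authoritative equivalence table), converts a security level into brute-force time, and runs an empirical birthday attack on SHA-256 truncated to 32 bits to show why an n-bit hash gives only n/2 bits of collision resistance. All function names, the guess rates and the counter inputs are constructed for this example.

```python
"""Security level in bits: generic attack costs for symmetric ciphers, hashes and RSA.

Added example (not from the original page). The RSA bit-equivalence uses the
textbook GNFS asymptotic formula, an assumption made here for illustration;
the authoritative equivalences are the NIST SP 800-57 tables.
"""
import hashlib
import math
from itertools import count
from typing import Dict, Tuple

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def symmetric_security_bits(key_bits: int) -> int:
    """An ideal cipher's best generic attack is exhaustive key search: 2^k work."""
    return key_bits


def hash_security_bits(output_bits: int) -> Dict[str, int]:
    """Generic bounds for an ideal n-bit hash: preimage 2^n, collision 2^(n/2) (birthday bound)."""
    return {"preimage": output_bits, "collision": output_bits // 2}


def rsa_security_bits_gnfs(modulus_bits: int) -> float:
    """Bits of work to factor an RSA modulus of the given size, via the GNFS
    heuristic L_N[1/3, (64/9)^(1/3)] = exp(c * (ln N)^(1/3) * (ln ln N)^(2/3)).

    The o(1) term is dropped, so this lands several bits above the calibrated
    NIST SP 800-57 values (2048 -> 112, 3072 -> 128). It is here to show *why*
    RSA moduli must grow much faster than symmetric keys, not to replace the table.
    """
    ln_n = modulus_bits * math.log(2)          # ln N for an N of modulus_bits bits
    c = (64 / 9) ** (1 / 3)
    ln_work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_work / math.log(2)               # convert e^x operations to 2^bits


def brute_force_years(security_bits: float, guesses_per_second: float) -> float:
    """Expected wall-clock time for a key search: half the key space on average."""
    expected_ops = 2.0 ** (security_bits - 1)
    return expected_ops / guesses_per_second / SECONDS_PER_YEAR


def truncated_tag(i: int, bits: int) -> int:
    """Low `bits` bits of SHA-256 over the 8-byte big-endian encoding of the counter i."""
    digest = hashlib.sha256(i.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") & ((1 << bits) - 1)


def find_truncated_collision(bits: int = 32) -> Tuple[int, int, int]:
    """Empirical birthday attack on SHA-256 truncated to `bits` bits.

    Hashes the constructed inputs 0, 1, 2, ... until two of them share a truncated
    digest and returns (trials, i, j). About sqrt(pi/2 * 2^bits) ~ 2^(bits/2) trials
    are needed, which is the reason an n-bit hash offers only n/2 bits of collision
    resistance. The input sequence is fixed, so the run is deterministic.
    """
    seen = {}
    for i in count():
        tag = truncated_tag(i, bits)
        if tag in seen:
            return i + 1, seen[tag], i
        seen[tag] = i


if __name__ == "__main__":
    print(f"AES-128 key search: {symmetric_security_bits(128)} bits")
    print(f"SHA-256 generic bounds: {hash_security_bits(256)}")
    for k in (1024, 2048, 3072, 4096):
        print(f"RSA-{k}: ~{rsa_security_bits_gnfs(k):.0f} bits (GNFS heuristic)")
    # A DES-sized key falls in hours at 10^12 guesses/s; a 128-bit key does not fall at all.
    print(f"56-bit key at 1e12/s:  {brute_force_years(56, 1e12) * SECONDS_PER_YEAR / 3600:.1f} hours")
    print(f"128-bit key at 1e18/s: {brute_force_years(128, 1e18):.2e} years")
    trials, i, j = find_truncated_collision(32)
    print(f"32-bit truncated SHA-256 collision after {trials} trials (inputs {i}, {j}); 2^16 = {2 ** 16}")
```

Doubling the RSA modulus from 2048 to 4096 bits adds only about 40 bits of work under this heuristic, while doubling a symmetric key doubles its bit strength; that asymmetry is the whole reason the equivalence table pairs 128-bit AES with a 3072-bit modulus rather than a 128-bit one.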
RULES FOR THE PROTECTION OF PERSONAL DATA
- Privacy Act of 1974 (United States).
- Privacy Protection Act of 1980 (United States).
- Directive 95/46/EC of the European Parliament and of the Council (the Data Protection Directive, repealed by the GDPR).
- Protection of personal data in the European Union.
- Safeguarding Privacy in a Connected World - A European Data Protection Framework for the 21st Century (European Commission communication, 2012).
- General Data Protection Regulation - Regulation (EU) 2016/679 ("GDPR").
USED ISO STANDARDS
- ISO/IEC 10116: Information processing — Modes of operation for an n-bit block cipher algorithm.
- ISO/IEC 9798-2: Information technology — Security techniques — Entity authentication mechanisms — Part 2: Entity authentication using symmetric techniques.
- ISO/IEC 10118-2: Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher algorithm.
- ISO/IEC 11770-2: Information technology — Security techniques — Key management — Part 2: Key management mechanisms using symmetric techniques.
USA STANDARDS
- Encryption - Data Encryption Standard (DES) - FIPS 46-3 (withdrawn in 2005; legacy only).
- Encryption - DES Modes of Operation - FIPS 81 (withdrawn in 2005; legacy only).
- Encryption - Advanced Encryption Standard (AES) - FIPS 197 (key sizes of 128, 192 and 256 bits).
- Hashing - Secure Hash Standard (SHS) - FIPS 180-4.
LEGISLATION OF USA
- TITLE 50 - WAR AND NATIONAL DEFENSE.
- TITLE 44 - PUBLIC PRINTING AND DOCUMENTS.
- CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY.
- PDD-63 - PRESIDENTIAL DECISION DIRECTIVE/NSC-63 (PDD-63, 1998; HSPD-8, 2003).
- H.R. 145 - 100th Congress (1987-1988), the Computer Security Act of 1987.
- NSDD 145 - National Security Decision Directive 145, National Policy on Telecommunications and Automated Information Systems Security (1984).
- Executive Order 10450 - Security requirements for government employment.
- Executive Order 10501 - Safeguarding official information in the interests of the defense of the United States.
- Executive Order 10865 - Safeguarding classified information within industry.
- Executive Order 12829 - National industrial security program.
- Executive Order 12968 - Access to classified information.
Relationship To Other NIST Documents
- NIST SP 800-60, (Guide for Mapping Types of Information and Information Systems to Security Categories) provides guidance for establishing the security categorization for a system’s confidentiality. This categorization will impact the level of assurance an organization should require in making sanitization decisions.
- FIPS 200, (Minimum Security Requirements for Federal Information and Information Systems) sets a base of security requirements that requires organizations to have a media sanitization program.
- NIST SP 800-53, (Recommended Security Controls for Federal Information Systems) provides minimum recommended security controls, including sanitization, for Federal systems based on their overall system security categorization.
- NIST SP 800-53A, (Guide for Assessing the Security Controls in Federal Information Systems) provides guidance for assessing security controls, including sanitization, for federal systems based on their overall system security categorization.