What does it mean that an application must comply with FIPS 140?

Question

What does it mean that an application must comply with FIPS 140?

Is it as simple as using cryptographic providers compatible with FIPS 140, or is there more? Are there any differences if this is a web application and a windows application? What if this is a distributed application? Are there any special considerations for IIS, WCF, ASP.Net, Silverlight, AJAX, etc.?

thank

+3

.net fips

Matthew Mar 04 '10 at 18:52

source share

2 answers

. , , , , , , . http://en.wikipedia.org/wiki/FIPS_140.

http://csrc.nist.gov/publications/PubsFIPS.html - FIPS.

0

LBushkin 04 . '10 18:55

kemiller2002 · Accepted Answer · 2010-03-04T19:00:01+0000

FIPS is a set of standards followed by the US government regarding information security. There are policies, practices, etc. To qualify as compatible, you must make sure that you use only certain algorithms, the hardware and software you use should be considered compatible, etc.

Is it as simple as using FIPS 140 compatible cryptography providers or is there more to it?

, , . , , , 140-2, , , . , IP- F5 SSL .., . , , , .

http://en.wikipedia.org/wiki/FIPS_140

, , :

http://csrc.nist.gov/groups/STM/index.html

http://csrc.nist.gov/groups/STM/cmvp/index.html

What does it mean that an application must comply with FIPS 140?

More articles: