Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Federal Information Processing Standards

Posted on 2011-10-10
8
Medium Priority
?
472 Views
Last Modified: 2012-05-12
What exactly is Federal Information Processing Standards 140/2 in terms of encryption?

Is it disc level encryption / or data in transit type encryption?

If the only purpose you use a smartphone/ipad for is accessing a corporate info system - and data in transit is encrypted - do you still need some form of data at rest encryption as well? or is it not required?
0
Comment
Question by:pma111
  • 4
  • 3
8 Comments
 
LVL 12

Accepted Solution

by:
xmlmagician earned 1000 total points
ID: 36941373
0
 
LVL 3

Author Comment

by:pma111
ID: 36941380
As  very novice to encryption i to googled the standard but I would prefer for piece of mind if someone could let me no with comments as opposed links - in relation to my question
0
 
LVL 3

Author Comment

by:pma111
ID: 36941389
The 2nd link doesnt even open:

We had a problem finding the PDF.

Please click Back and try again.

Contact webmaster@sans.org if the problem persists.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 12

Expert Comment

by:xmlmagician
ID: 36941422
it opens fine on my google chrome. Would you like me to send it to you.

the only reason i sent you the links it is because you will ultimately be liable if something goes wrong and you should know things inside out if you are going sign on the bottom of any document.

I am pretty sure that if something goes horribly wrong you will not say to the judge it is not my fault xmlmagician from experts - exchange said so.

My apologies if i come across as a bit abrupt but you will thank me in the long run. Happy reading.
0
 
LVL 12

Expert Comment

by:xmlmagician
ID: 36941426
no need to email you the file i have upload it here
securing-sensitive-data-understa.pdf
0
 
LVL 3

Author Comment

by:pma111
ID: 36941432
Il give it a read at some point its just tricky as on a smartphoen so reading heft docs is sometimes unfreindly on the eye - espeically early monday morning :)
0
 
LVL 3

Author Comment

by:pma111
ID: 36941440
PS - i dont need to sign anything I just need to get a real management level understanding so if someone says we are getting a FIPS level product to protect data on ipads, i know its probably referring to a FIP compliant "data at rest" product as opposed to something like a digital certifacate or a "data in transit" encryption tool for passing data to/from a corporate app/the ipad

I am not implementing anything
0
 
LVL 25

Assisted Solution

by:RobMobility
RobMobility earned 1000 total points
ID: 36971946
Hi,

Why not get Good for Enterprise (www.good.com) - it's FIPS 140-2 for both data at rest and data in transit with all data stored in secure application that handles email, contacts, calendar and secure browser gives you access to intranet and other internal content.

It's used widely by US DOD as well as other Governments so very secure.

In addition, it allows you to set IT policies, passwords, remote kill, application deployment, jailbreak detection and supports both iOS smartphone as well as tablets and iOS5 is supported.

additional integration with other apps available shortly so data can be secured using same APIs as Good uses.

iPad native encryption is not yet FIPS 140-2 and as such there could be concerns over robustness and how AES is implemented? IOS VPN split tunnels even though it can be configured not to do so - therefore it would fail compliance if this was used.

Regards,


RobMobility.
0

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question