Which is the U.S. standard for cryptographic modules?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Study for the WGU ITAS 2142 D830 Introduction to Cryptography Exam. Review flashcards and multiple choice questions with hints and explanations. Get ready for your exam!

Multiple Choice

Which is the U.S. standard for cryptographic modules?

Explanation:
FIPS defines the U.S. standard for cryptographic modules, setting the security requirements for modules used to protect federal information and the validation process they must go through before they can be used in government systems. Specifically, FIPS 140-2 (and the newer FIPS 140-3) outlines how cryptographic modules should be designed, implemented, and tested, covering areas like physical security, cryptographic algorithms, key management, and tamper evidence. The Cryptographic Module Validation Program (CMVP), run by NIST in partnership with another agency, is how modules get validated to meet these requirements. Other standards mentioned serve different purposes: ISO 27001 focuses on information security management systems and is international, NIST SP 800-53 catalogs security controls for federal systems, and PCI-DSS targets protection of payment card data. They aren’t the U.S. standard specifically for cryptographic modules, which is why FIPS is the correct reference.

FIPS defines the U.S. standard for cryptographic modules, setting the security requirements for modules used to protect federal information and the validation process they must go through before they can be used in government systems. Specifically, FIPS 140-2 (and the newer FIPS 140-3) outlines how cryptographic modules should be designed, implemented, and tested, covering areas like physical security, cryptographic algorithms, key management, and tamper evidence. The Cryptographic Module Validation Program (CMVP), run by NIST in partnership with another agency, is how modules get validated to meet these requirements.

Other standards mentioned serve different purposes: ISO 27001 focuses on information security management systems and is international, NIST SP 800-53 catalogs security controls for federal systems, and PCI-DSS targets protection of payment card data. They aren’t the U.S. standard specifically for cryptographic modules, which is why FIPS is the correct reference.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy