2.3 - Relate how national bodies such as NCSC, GCHQ, NIST and FIPS provide guidance and information to public and private sector organisations

Question 1

What is Federal Information Processing Standard 140-2?

Answer 1

It is the benchmark for validating the effectiveness of cryptographic hardware

Question 2

Who issued FIPS 140-2?

Answer 2

National Institute of Standards and Technology (NIST)

Question 3

How many FIPS security levels are there?

Answer 3

4

Question 4

What is FIPS Level 1?

Answer 4

Level 1: Provides the lowest level of security. Basic security requirements are at least one Approved algorithm or Approved security function and production-grade component are required.

Question 5

What is FIPS Level 2?

Answer 5

Level 2: Adds requirements for physical tamper-evidence and role-based authentication.

Question 6

What is FIPS Level 3?

Answer 6

Level 3: Adds requirements for physical tamper-resistance and identity-based authentication.

Question 7

What is FIPS Level 4?

Answer 7

Level 4: Makes the physical security requirements more stringent, requiring the ability to be tamper-active.

Question 8

What is a security policy?

Answer 8

A security policy is a formal statement of the rules by which employees who use technology within the company.

Question 9

What is NIST SP 500?

Answer 9

Computer Systems Technology - includes conference and meeting proceedings; best practice recommendations; and reports on test methods, specifications, and data formats from the Information Technology Laboratory (ITL)

Question 10

What is NIST SP 800?

Answer 10

Computer Security Series - Publications in the SP800 series present information of interest to the computer security community

Question 11

What is NIST SP 1800?

Answer 11

NIST Cybersecurity Practice Guides - target specific cybersecurity challenges in the public and private sectors.

Question 12

What is NIAP?

Answer 12

National Information Assurance Partnership - US CC Certifies protection profiles, approves test labs, evaluate security targets

Question 13

What are Certificate consuming members?

Answer 13

They recognise CC certifications

Question 14

What is the CCRA

Answer 14

Common Criteria Recognition Arrangement - Defines the list of members that test CC

Question 15

What is FIPs used?

Answer 15

In computer systems by non-military American government agencies and government contractors

Question 16

What is FIPS 197?

Answer 16

Standard for ADVANCED ENCRYPTION STANDARD (AES)

Question 17

What is FIPS 46-3?

Answer 17

Data Encryption Standard (DES)

Question 18

What is FIPS 140?

Answer 18

Security requirements for cryptography modules

Question 19

What is FIPS 137?

Answer 19

Federal Standard for Linear Predictive Coding

Question 20

What is FIPS 199?

Answer 20

Standards for Security Categorization of Federal Information and Information Systems

Question 21

What is FIPS FIPS 201?

Answer 21

Personal Identity Verification for Federal Employees and Contractors

Question 22

What is FISMA?

Answer 22

Federal Information Security Modernization Act of 2014

Question 23

What does Federal Information Security Modernization Act of 2014 emphasize?

Answer 23

risk-based policy for cost-effective security.

Question 24

What does FISMA require executive agencies within the federal government to do?

Answer 24

• Plan for security
• Ensure that appropriate officials are assigned security responsibility
• Periodically review the security controls in their systems
• Authorize system processing prior to operations and, periodically, thereafter