LE3.1.1.4
REGULATIONS AND STANDARDS

Used terms
- "National security" means the national defense or foreign relations of the United States.
- "Information" means any knowledge that can be communicated or documentary material, regardless of its physical form or characteristics, that is owned by, produced by or for, or is under the control of the United States Government.
- "Control" means the authority of the agency that originates information, or its successor in function, to regulate access to the information.
- "Classified national security information" (hereafter "classified information") means information that has been determined pursuant to this order or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.
- "Unauthorized disclosure" means a communication or physical transfer of classified information to an unauthorized recipient.
- "Damage to the national security" means harm to the national defense or foreign relations of the United States from the unauthorized disclosure of information, to include the sensitivity, value, and utility of that information.
- "The Digital Millennium Copyright Act" (DMCA) is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works (commonly known as digital rights management or DRM). It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself. In addition, the DMCA heightens the penalties for copyright infringement on the Internet.
Passed on October 12, 1998, by a unanimous vote in the United States Senate and signed into law by President Bill Clinton on October 28, 1998, the DMCA amended Title 17 of the United States Code to extend the reach of copyright, while limiting the liability of the providers of online services for copyright infringement by their users.
Different levels of security
- Top Secret
- Secret
- Confidential
In cryptography, security level is a measure of the strength that a cryptographic primitive, such as a cipher or hash function, achieves.
In this case security level is expressed in "bits", where n-bit security means that the attacker would have to perform 2^n operations to break it.
For example, AES-128 (key size 128 bits) is designed to offer a 128-bit security level, which is considered roughly equivalent to 3072-bit RSA.
Used standards
ISO 10116: Information Processing — Modes of Operation for an n-bit block cipher algorithm.
ISO 9797: Data cryptographic techniques — Data integrity mechanism using a cryptographic check function employing a block cipher algorithm.
ISO 9798-2: Information technology — Security techniques — Entity authentication mechanisms — Part 2: Entity authentication using symmetric techniques.
ISO 10118-2: Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher algorithm.
ISO 11770-2: Information technology — Security techniques — Key management — Part 2: Key management mechanisms using symmetric techniques.
Personal data protection documents
Privacy Act of 1974
Privacy Protection Act of 198
Legislation of the USA
TITLE 50 - WAR AND NATIONAL DEFENSE
TITLE 44 - PUBLIC PRINTING AND DOCUMENTS
CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY
PRESIDENTIAL DECISION DIRECTIVE/NSC-63 (PDD-63, 1998; HSPD-8, 2003)
H.R.145 - 100th Congress (1987-1988)
National Security Decision Directive - NSDD 145
10450 Security requirements for government employees
10501 Safeguarding official information in the interests of the defense of the United States
10865 Safeguarding classified information within industry
12829 National industrial security program
12968 Access to classified information
USA Standards
Encryption: DES Modes of Operation - FIPS 81
Encryption: Advanced Encryption Standard (AES) - FIPS 197 (with key sizes of 128 and 256 bits)
Hashing: Secure Hash Algorithm - FIPS 180-2 (using SHA-256 and SHA-384)
Guidelines on Electronic Mail Security - Special Publication 800-45 Version 2
Rules for the protection of personal data inside and outside the EU
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995
Protection of personal data in the European Union
Safeguarding privacy in a connected world. A European Data Protection Framework for the 21st century
COM (2010) 609 final report
General Data Protection Regulation (EU) 2016/679 ("GDPR")