Re: [Fed-Talk] Disabling sslv2 on ssh
Re: [Fed-Talk] Disabling sslv2 on ssh
- Subject: Re: [Fed-Talk] Disabling sslv2 on ssh
- From: "Miller, Timothy J." <email@hidden>
- Date: Thu, 26 Feb 2009 16:26:13 -0500
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Disabling sslv2 on ssh
On 2/26/09 2:16 PM, "Joshua Krage" <email@hidden> wrote:
> Its not every day I get to correct Tim Miller... usually its the
> other way around. :)
I've been wrong before, and I'll be wrong again...
> There _is_ a waiver process for FIPS140-2. Paragraph 16 on page "vi".
...but this is not one of those times. :)
FIPS 140-2 predates FISMA (140-2 was approved in 2001, FISMA passed in
2002), and the statute from which FIPS derived authority prior to FISMA
allowed waivers. Not any more. Note what the NIST FIPS Publications page
says:
"""
With the passage of the Federal Information Security Management Act of 2002,
there is no longer a statutory provision to allow for agencies to waive
mandatory Federal Information Processing Standards (FIPS). Therefore, the
references to the "waiver process" contained in many of the FIPS are no
longer applicable. ).
"""
http://csrc.nist.gov/publications/PubsFIPS.html
Also, check FIPS 140-3 Draft; there's no waiver process mentioned, nor is
there one defined in FISMA itself:
http://csrc.nist.gov/drivers/documents/FISMA-final.pdf
-- Tim
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden