nih-gov/ocio.nih.gov/information-security/encryption
2025-02-26 13:17:41 -05:00

<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta name="msvalidate.01" content="32F4B49556465F64EA5B8AD5BA13CC53" />
<meta charset="utf-8" />
<meta name="description" content="All NIH laptops and tablet computers must be encrypted with a FIPS 140-2 or 140-3* compliant encryption software package. If you include personally identifiable information (PII) or sensitive data in an e-mail message, that message must be encrypted! PII and sensitive data must NOT be stored on personally owned equipment. If transported, it must be stored on an encrypted government-owned (or authorized encrypted contractor-owned) laptop or portable storage device." />
<link rel="canonical" href="http://ocio.nih.gov/information-security/encryption" />
<meta name="Generator" content="Drupal 10 (https://www.drupal.org)" />
<meta name="MobileOptimized" content="width" />
<meta name="HandheldFriendly" content="true" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="icon" href="/sites/external/files/favicon.ico" type="image/vnd.microsoft.icon" />
<title>Encryption | Office of the Chief Information Officer</title>
<link rel="stylesheet" media="all" href="/sites/external/files/css/css_RdGZe4qJLpqr-CsLgDk_PZPMdHkZFNG8n4ruZQezCbs.css?delta=0&amp;language=en&amp;theme=ocio&amp;include=eJw1i1EKQyEMBC9k8UgPjYsEYhaMr8WevqXSv50ZVjiRnXMU0zeSlc17XfVWa5h5vSi0KyBL6f_aNIRPzJ3p-PZEUeZaAmd1Yy32iLVNvR83EFE64pCzIcWOhfH7fQACuzR1" />
<link rel="stylesheet" media="all" href="/sites/external/files/css/css_wp3ahUA__94cB1ItKdS5TN7ZTpZGZoMgp61trv8PpJQ.css?delta=1&amp;language=en&amp;theme=ocio&amp;include=eJw1i1EKQyEMBC9k8UgPjYsEYhaMr8WevqXSv50ZVjiRnXMU0zeSlc17XfVWa5h5vSi0KyBL6f_aNIRPzJ3p-PZEUeZaAmd1Yy32iLVNvR83EFE64pCzIcWOhfH7fQACuzR1" />
</head>
<body class="path-node page-node-type-page">
<a href="#main-content" class="visually-hidden focusable skip-link">
Skip to main content
</a>
<div class="dialog-off-canvas-main-canvas" data-off-canvas-main-canvas>
<div class="ocio-page-container">
<header id="header" role="banner">
<div class="hhs-banner">
<div class="container-fluid">
<a href="https://www.hhs.gov/" target="_blank">
U.S. Department of Health &amp; Human Services
</a>
</div>
</div>
<div class="container-fluid">
<div class="ocio-header-container">
<div id="block-ocio-site-branding--2" class="site-branding block block-system block-system-branding-block">
<a href="/" rel="home" class="site-logo">
<img src="/sites/external/files/OCIO-Gray-Logo_0.png" alt="Home" />
</a>
</div>
<div>
</div>
<div class="search-block-form block block-search" data-drupal-selector="search-block-form-2" id="block-ocio-searchform--2" role="search">
<a href="#" type="button" class="btn btn-sm btn-logout btn-mobile-square-icon btn-mobile-square-icon--search mobile-only d-lg-none" data-bs-toggle="collapse" data-bs-target="#collapseSearch" aria-expanded="false" aria-controls="collapseSearch">Show Search</a>
<div class="collapse collapse--lg" id="collapseSearch">
<form id="search_form" class="search-container" action="https://search.usa.gov/search" accept-charset="UTF-8" method="get">
<input type="hidden" name="affiliate" id="affiliate" value="ocio" autocomplete="off" />
<input type="text" name="query" id="query" autocomplete="off" class="usagov-search-autocomplete form-control" placeholder="Search" aria-label="Enter Search Terms" />
<input type="submit" name="commit" value="Search" class="search-svg" id="search-submit" data-disable-with="Search" />
</form>
</div>
</div>
</div>
</div>
<div id="header-nav" class="header-nav" data-drupal-selector="header-nav">
<div class="region region-primary-menu">
<nav role="navigation" aria-label="OCIO Main Menu" id="block-ocio-main-menu" class="block block-menu navigation menu--main navbar navbar-expand-lg navbar-light">
<div class="container-fluid">
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#ocioNavbar" aria-controls="ocioNavbar" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="ocioNavbar">
<ul block="block-ocio-main-menu" class="navbar-nav menu--level-0">
<li class="menu__item menu__item--link menu__item--level-0 nav-item">
<a href="/digital-nih" class="menu__link menu__link--link menu__link--level-0 nav-link" data-drupal-link-system-path="node/39">IT Strategy</a>
</li>
<li class="menu__item menu__item--link menu__item--level-0 nav-item">
<a href="/enterprise-acquisitions" class="menu__link menu__link--link menu__link--level-0 nav-link" data-drupal-link-system-path="node/46">Enterprise Acquisitions</a>
</li>
<li class="menu__item menu__item--link menu__item--level-0 menu__item--has-children nav-item">
<a href="/it-governance" class="menu__link menu__link--link menu__link--level-0 menu__link--has-children nav-link" data-drupal-link-system-path="node/100">IT Governance</a>
<ul block="block-ocio-main-menu" class="menu--level-0 menu--level-1">
<li class="menu__item menu__item--link menu__item--level-1">
<a href="/it-governance/it-budget" class="menu__link menu__link--link menu__link--level-1" data-drupal-link-system-path="node/101">IT Budget</a>
</li>
<li class="menu__item menu__item--link menu__item--level-1">
<a href="/it-governance/it-policy-standards-and-guidance" class="menu__link menu__link--link menu__link--level-1" data-drupal-link-system-path="node/102">IT Policy, Standards and Guidance</a>
</li>
<li class="menu__item menu__item--link menu__item--level-1">
<a href="/it-governance/managing-it-projects-and-investments" class="menu__link menu__link--link menu__link--level-1" data-drupal-link-system-path="node/103">Managing IT Projects and Investments</a>
</li>
<li class="menu__item menu__item--link menu__item--level-1">
<a href="/it-governance/department-health-and-human-services-hhs" class="menu__link menu__link--link menu__link--level-1" data-drupal-link-system-path="node/105">The Department of Health and Human Services (HHS)</a>
</li>
</ul>
</li>
<li class="menu__item menu__item--link menu__item--level-0 menu__item--active-trail menu__item--has-children nav-item">
<a href="/public-information-security" class="menu__link menu__link--link menu__link--level-0 menu__link--active-trail menu__link--has-children nav-link" data-drupal-link-system-path="node/41">Information Security</a>
<ul block="block-ocio-main-menu" class="menu--level-0 menu--level-1">
<li class="menu__item menu__item--link menu__item--level-1 menu__item--active-trail">
<a href="/information-security/encryption" class="menu__link menu__link--link menu__link--level-1 menu__link--active-trail is-active" data-drupal-link-system-path="node/40" aria-current="page">Encryption</a>
</li>
<li class="menu__item menu__item--link menu__item--level-1">
<a href="/information-security/nih-security-training" class="menu__link menu__link--link menu__link--level-1" data-drupal-link-system-path="node/45">NIH Security Training</a>
</li>
</ul>
</li>
<li class="menu__item menu__item--link menu__item--level-0 menu__item--has-children nav-item">
<a href="/section-508" class="menu__link menu__link--link menu__link--level-0 menu__link--has-children nav-link" data-drupal-link-system-path="node/121">Section 508</a>
<ul block="block-ocio-main-menu" class="menu--level-0 menu--level-1">
<li class="menu__item menu__item--link menu__item--level-1">
<a href="/section-508/section-508-coordinators" class="menu__link menu__link--link menu__link--level-1" data-drupal-link-system-path="node/120">Section 508 Coordinators</a>
</li>
</ul>
</li>
<li class="menu__item menu__item--link menu__item--level-0 menu__item--has-children nav-item">
<a href="/about-us" class="menu__link menu__link--link menu__link--level-0 menu__link--has-children nav-link" data-drupal-link-system-path="node/37">About Us</a>
<ul block="block-ocio-main-menu" class="menu--level-0 menu--level-1">
<li class="menu__item menu__item--link menu__item--level-1">
<a href="/about-us/contact-us" class="menu__link menu__link--link menu__link--level-1" data-drupal-link-system-path="node/36">Contact Us</a>
</li>
<li class="menu__item menu__item--link menu__item--level-1">
<a href="/about-us/organization-and-leadership" class="menu__link menu__link--link menu__link--level-1" data-drupal-link-system-path="node/19">Organization and Leadership</a>
</li>
<li class="menu__item menu__item--link menu__item--level-1">
<a href="/about-us/nih-ocio-speaking-engagement-request" class="menu__link menu__link--link menu__link--level-1" data-drupal-link-system-path="node/124">NIH OCIO Speaking Engagement Request</a>
</li>
</ul>
</li>
</ul>
</div>
<div class="main-nav-addon">
<a href="/nih/portal" type="button" class="btn btn-sm btn-navbar btn-mobile-square-icon btn-mobile-square-icon--nih-only">NIH Only Login</a>
</div>
</div>
</nav>
</div>
</div>
</header>
<main role="main" id="content">
<div class="page-title-container bg-image bg-image--right">
<div class="container-fluid">
<div class="region region-heading">
<div id="block-ocio-page-title" class="block block-core block-page-title-block">
<h1 class="page-title"><span class="field field--name-title field--type-string field--label-hidden">Encryption</span>
</h1>
</div>
</div>
</div>
</div>
<div class="container-fluid">
<div class="region region-highlighted">
<div data-drupal-messages-fallback class="hidden"></div>
</div>
</div>
<div class="container-fluid layout-content" id="main-content">
<div class="region region-content">
<div id="block-ocio-content" class="block block-system block-system-main-block">
<article data-history-node-id="40" class="node node--type-page node--view-mode-full">
<div class="node__content">
<div class="layout layout--onecol">
<div class="layout__region layout__region--content">
<div class="block block-layout-builder block-extra-field-blocknodepagecontent-moderation-control">
</div>
<div class="block block-layout-builder block-extra-field-blocknodepagelinks">
</div>
</div>
</div>
<div class="layout layout--twocol-section layout--twocol-section--67-33">
<div class="layout__region layout__region--first">
<div class="block block-layout-builder block-field-blocknodepagebody">
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>All NIH laptops and tablet computers must be encrypted with a FIPS 140-2 or 140-3* compliant encryption software package.</p><p>If you include personally identifiable information (PII) or sensitive data in an e-mail message, that message must be encrypted!</p><p>PII and sensitive data must NOT be stored on personally owned equipment. If transported, it must be stored on an encrypted government-owned (or authorized encrypted contractor-owned) laptop or portable storage device.</p><p>See <a href="https://intranet.hhs.gov/document/hhs-standard-encryption-computing-devices-and-information">HHS Standard for Encryption of Computing Devices and Information</a> for additional details.</p><h3>Background Information</h3><p>Encryption is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read them, but authorized parties can. In an encryption scheme, the message or information (referred to as plaintext) is encrypted using an encryption algorithm, turning it into unreadable ciphertext. This is usually done with an encryption key, which specifies how the message is to be encoded. An adversary who can see the ciphertext should not be able to determine anything about the original message. An authorized party, however, is able to decode the ciphertext using a decryption algorithm, which usually requires a secret decryption key that adversaries do not have access to. For technical reasons, an encryption scheme usually needs a key-generation algorithm to randomly produce keys. 
(Source: Wikipedia)</p><p>A Federal Information Processing Standard (FIPS) is a publicly announced standard developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract.&nbsp;<br>(Source: Wikipedia)</p><p>The Federal Information Processing Standard (FIPS) Publication 140-2, FIPS PUB 140-2, is a federal government computer security standard. This standard specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover areas related to the secure design and implementation of a cryptographic module.&nbsp;<br>(Ref: )</p><p>*On March 22, 2019, the Secretary of Commerce approved FIPS 140-3, Security Requirements for Cryptographic Modules, which supersedes FIPS 140-2. The new standard introduces some significant changes. Rather than encompassing the module requirements directly, FIPS 140-3 references ISO/IEC 19790:2012. The testing for these requirements will be in accordance with ISO/IEC 24759:2017. While there are few major technical requirement changes, the use of the ISO documents requires several procedural changes in the management and execution of the validation program and process.</p><p>FIPS 140-2 modules can remain active for 5 years after validation or until September 21, 2026, when the FIPS 140-2 validations will be moved to the historical list. 
&nbsp;Even on the historical list, CMVP supports the purchase and use of these modules for existing systems.&nbsp;</p><ul><li><a href="http://irtsectraining.nih.gov/">NIH Information Security and Privacy Training</a></li><li><a href="https://ocio.nih.gov/Smartcard/Pages/default.aspx">HHS ID Badge Smart Card</a></li><li><a href="https://cit.nih.gov">Center for Information Technology, CIT</a></li><li><a href="http://www.nih.gov/">National Institutes of Health</a><br>&nbsp;</li></ul></div>
</div>
</div>
<div class="layout__region layout__region--second">
<nav role="navigation" aria-labelledby="-menu" class="block block-menu navigation menu--main">
<h2 class="visually-hidden" id="-menu">Main navigation</h2>
<ul show="active" class="navbar-nav menu--level-0">
<li class="menu__item menu__item--link menu__item--level-0 menu__item--active-trail nav-item">
<a href="/information-security/encryption" class="menu__link menu__link--link menu__link--level-0 menu__link--active-trail nav-link is-active" data-drupal-link-system-path="node/40" aria-current="page">Encryption</a>
</li>
<li class="menu__item menu__item--link menu__item--level-0 nav-item">
<a href="/information-security/nih-security-training" class="menu__link menu__link--link menu__link--level-0 nav-link" data-drupal-link-system-path="node/45">NIH Security Training</a>
</li>
</ul>
</nav>
<div class="block block-layout-builder block-inline-blockbox-with-top-border">
<div class="top-border-box top-border-box--">
<h2 class="text- icon-title icon-title--links">
<div class="field field--name-field-title field--type-string field--label-hidden field__item">Related Links</div>
</h2>
<div class="clearfix text-formatted field field--name-field-content field--type-text-long field--label-hidden field__item"><ul><li><a href="https://irtsectraining.nih.gov/">NIH Information Security and Privacy Training</a></li><li><a href="https://ocio.nih.gov/Smartcard/Pages/default.aspx">HHS ID Badge Smart Card</a>&nbsp;</li><li><a href="https://www.cit.nih.gov/">Center for Information Technology, CIT</a></li><li><a href="https://www.nih.gov/">National Institutes of Health</a></li></ul></div>
</div>
</div>
</div>
</div>
<div class="layout layout--onecol">
<div >
</div>
</div>
<div class="layout layout--onecol">
<div class="layout__region layout__region--content">
</div>
</div>
</div>
</article>
</div>
</div>
<div class="content-below-container">
</div>
</main>
<footer class="footer">
<div class="footer-top">
<div class="container-fluid">
<div class="region region-footer">
<nav role="navigation" aria-labelledby="block-ocio-footer-menu" id="block-ocio-footer" class="block block-menu navigation menu--footer">
<h2 class="visually-hidden" id="block-ocio-footer-menu">Footer</h2>
<ul block="block-ocio-footer" class="menu">
<li class="menu-item nav-item">
<a href="https://www.nih.gov/icd/od/foia/index.htm">FOIA</a>
</li>
<li class="menu-item nav-item">
<a href="/disclaimers" data-drupal-link-system-path="node/99">Disclaimers</a>
</li>
<li class="menu-item nav-item">
<a href="/about-us/contact-us" data-drupal-link-system-path="node/36">Contact Us</a>
</li>
<li class="menu-item nav-item">
<a href="/accessibility" data-drupal-link-system-path="node/111">Accessibility</a>
</li>
<li class="menu-item nav-item">
<a href="/privacy-policy" data-drupal-link-system-path="node/112">Privacy Policy</a>
</li>
<li class="menu-item nav-item">
<a href="https://www.hhs.gov/vulnerability-disclosure-policy/index.html">HHS Vulnerability Disclosure</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="footer-bottom">
<div class="container-fluid d-lg-flex gap-4 justify-content-between">
<div class="my-3">
<h2 class="h4 m-0">Office of the Chief Information Officer (OCIO)</h2>
<p class="m-0">at the National Institutes of Health</p>
</div>
<div class="footer-agencies d-flex flex-column align-items-lg-end my-3">
<a href="https://dhhs.gov/">
U.S. Department of Health and Human Services
</a>
<a href="https://www.nih.gov/">
National Institutes of Health
</a>
<a href="https://usa.gov/">
USA.gov</a>
</div>
</div>
</div>
<div>
<a id="back-to-top" class="hidden-print" role="button">&#9650;<span id="back-to-top-tip">Back to Top</span></a>
</div>
<div class="modal fade" id="exit-link-disclaimer" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog modal-lg modal-dialog-centered" role="document">
<div class="modal-content">
<div class="modal-header">
<h4 class="h4 modal-title text-primary" id="myModalLabel">
Endorsement Disclaimer - Links to Other Sites
</h4>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<p>Our Web site has links to many other federal agencies, and in a few cases we link to private organizations. You are subject to that site's privacy policy when you leave our site. We proudly comply with 508 accessibility regulations, but we cannot be responsible for Section 508 compliance (accessibility) on other federal or private Web sites.</p>
<p>Reference in this Web site to any specific commercial products, process, service, manufacturer, or company does not constitute its endorsement or recommendation by the U.S. Government or National Institutes of Health (NIH). NIH is not responsible for the contents of any "off-site" Web page referenced from this server.</p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-sm btn-primary exit-cancel" data-bs-dismiss="modal">Dismiss</button>
</div>
</div>
</div>
</div>
</footer>
</div>
</div>
<script src="/sites/external/files/js/js_ICrTiZDE_B7NX02PtqC3Dn2yeEyA3fJuZL-UlYsKSes.js?scope=footer&amp;delta=0&amp;language=en&amp;theme=ocio&amp;include=eJzLT87M10_PyU9KzNEtTi7KLCgpBgBJdgeA"></script>
</body>
</html>