J
Juan Juarez
Guest
Enhancement Request Requirements Encryption keys (Database Master Key *.ks file), the passphrase for the User account and the passphrase for Admin account must be stored within a FIPS 140-2 Level 3 compliant keystore away from the encrypted data. Interaction with the key management storage system should be done with Key Management Interoperability Protocol (KMIP). The following institutions all mandate that data at rest is encrypted and keys are managed securely. ● FIPS 140-2 (Federal Information Processing Standards) – We currently are being asked to meet this standard with a large Financial company. ● NIST 800-111 (National Institute of Standards and Technology) – We currently are being asked to meet this standard with a large Technology company. ● ISO/IEC 27001:2013 Appendix 10 (International Standards Organization) ● PCI DSS Req3 (payment card industry data security standard) ● 2014 Cybersecurity Framework PR.DS-1 ● HIPAA 45 CFR 163.312(e)(1) (Health Insurance Portability and Accountability Act) ● HITECH (Health Information Technology for Economic and Clinical Health) ● SOX (Sarbanes Oxley Act) ● EU Data Protection Directives 95/46/EC ● EU General Data Protection Regulation (GDPR) – starts in 2018 ● US States of Massachusetts (Code 201) and Nevada (law NRS603)
Continue reading...
Continue reading...