[
https://issues.apache.org/jira/browse/HDDS-10234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
István Fajth reassigned HDDS-10234:
-----------------------------------
Assignee: István Fajth
> Regulatory compliance for used cryptography
> -------------------------------------------
>
> Key: HDDS-10234
> URL: https://issues.apache.org/jira/browse/HDDS-10234
> Project: Apache Ozone
> Issue Type: New Feature
> Reporter: István Fajth
> Assignee: István Fajth
> Priority: Major
>
> In various jurisdictions there are some restrictions on using different
> cryptographic functions, algorithms, cyphers etc.
> There is an international standard issued by ISO under ISO/IEC 19790.
> In the US, FIPS 140-3 is based off of the ISO standard, hence it is an easy
> starting point also considering the fact that most of the legislation
> probably moves towards the standard rather than creating a new one.
> In China, there is the "China Cryptograhy law" that also contains different
> rules for different security levels.
> In the EU the legislators are still debating about how to apply rules in
> order to protect privacy, but fight crime effectively (esp. child abuse).
> Probably there are many more around the world.
> This JIRA is about having an umbrella for crypto and security compliance
> related changes.
> As a starting point and approach, I collected some of the topics that are
> necessary for FIPS 140-3 compliance, and I am happy to see any
> inputs/amendments/additional requirements to the subsequent architectural
> changes and pull requests that helps to make compliance with more
> jurisdictions easy (or even implements those compliance measures).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
