[
https://issues.apache.org/jira/browse/HDDS-10234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
István Fajth updated HDDS-10234:
--------------------------------
Description:
In various jurisdictions there are some restrictions on using different
cryptographic functions, algorithms, cyphers etc.
There is an international standard issued by ISO under ISO/IEC 19790.
In the US, FIPS 140-3 is based off of the ISO standard, hence it is an easy
starting point also considering the fact that most of the legislation probably
moves towards the standard rather than creating a new one.
In China, there is the "China Cryptography law" that also contains different
rules for different security levels.
In the EU the legislators are still debating about how to apply rules in order
to protect privacy, but fight crime effectively (esp. child abuse).
Probably there are many more around the world.
This JIRA is about having an umbrella for crypto and security compliance
related changes.
was:
In various jurisdictions there are some restrictions on using different
cryptographic functions, algorithms, cyphers etc.
There is an international standard issued by ISO under ISO/IEC 19790.
In the US, FIPS 140-3 is based off of the ISO standard, hence it is an easy
starting point also considering the fact that most of the legislation probably
moves towards the standard rather than creating a new one.
In China, there is the "China Cryptography law" that also contains different
rules for different security levels.
In the EU the legislators are still debating about how to apply rules in order
to protect privacy, but fight crime effectively (esp. child abuse).
Probably there are many more around the world.
This JIRA is about having an umbrella for crypto and security compliance
related changes.
As a starting point and approach, I collected some of the topics that are
necessary for FIPS 140-3 compliance, and I am happy to see any
inputs/amendments/additional requirements to the subsequent architectural
changes and pull requests that help to make compliance with more jurisdictions
easy (or even implements those compliance measures).
> Regulatory compliance for used cryptography
> -------------------------------------------
>
> Key: HDDS-10234
> URL: https://issues.apache.org/jira/browse/HDDS-10234
> Project: Apache Ozone
> Issue Type: Epic
> Reporter: István Fajth
> Assignee: István Fajth
> Priority: Major
>
> In various jurisdictions there are some restrictions on using different
> cryptographic functions, algorithms, cyphers etc.
> There is an international standard issued by ISO under ISO/IEC 19790.
> In the US, FIPS 140-3 is based off of the ISO standard, hence it is an easy
> starting point also considering the fact that most of the legislation
> probably moves towards the standard rather than creating a new one.
> In China, there is the "China Cryptography law" that also contains different
> rules for different security levels.
> In the EU the legislators are still debating about how to apply rules in
> order to protect privacy, but fight crime effectively (esp. child abuse).
> Probably there are many more around the world.
> This JIRA is about having an umbrella for crypto and security compliance
> related changes.