(9) Authentication, Data Encryption, and Key Management
Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved
(A) Systems shall implement authentication functions that are
consistent with the level of confidentiality or sensitivity of the
data they contain and process.
(B) It will not be a requirement at this time for agencies to use data
encryption techniques for storage and transmission of data.
However, those agencies that choose to employ data encryption shall
adopt the Data Encryption Standard, also referred to as the DES
algorithm, which is defined in Federal Information Processing
Standard Publication 46-1 (FIPS PUB 46-1). It is highly recommended
that electronic fund transfer (EFT) systems use the Data
Encryption Standard (DES).
(i) For systems employing encryption as described above,
procedures shall be prescribed for secure handling,
distribution, storage, and construction of Data Encryption
Standard (DES) key variables used for encryption and
decryption. Protection of the key shall be at least as
stringent as the protection required for the information
encrypted with the key.