аЯрЁБс>ўџ /1ўџџџ.џџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџьЅС% №ПCbjbj%ч%ч "*GG Aџџџџџџl       Д–––8Ю,њ,Дц t22HHH###чщщщщщщ$Z z ”  ##### '  HHл" d'''#” H Hч'#ч'Р'ч  чH& РрФ`AЪДт–Зpчч† `ц ч'ч'ДД    йNOAO Acceptable Encryption Use Policy 1.0 Purpose The purpose of this policy is to provide guidance that limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively. Additionally, this policy provides direction to ensure that Federal regulations are followed, and legal authority is granted for the dissemination and use of encryption technologies outside of the United States. The NOAO CIS Departments will be glad to provide guidance on these very technical issues if you have questions. 2.0 Scope This policy applies to all NOAO employees and affiliates. 3.0 Policy Proven, standard algorithms such as DES, 3DES, AES, Blowfish, RSA (or Diffie-Hellman), RC5 and IDEA should be used as the basis for encryption technologies.. Symmetric crypto-systems (such as AES, DES, 3DES, Blowfish and IDEA) are methods in which the same key is used for both encryption and decryption of the data. Kkey lengths for these systems must be at least 128 bits. Asymmetric crypto-systems (such as RSA and RC5) are methods in which two different keys are used: one for encrypting and one for decrypting the data. Public-key encryption use asymmetric crypto-systems. Kkeys for these systems must be at least 1024 bits. NOAO’s key length requirements will be reviewed annually and upgraded as technology allows. These algorithms represent the actual cipher used for an approved application. For example, PGP Corporation’s Pretty Good Privacy (PGP) uses a combination of IDEA and RSA, while the Secure Socket Layer (SSL) uses RSA encryption, The ssh protocol combines an asymmetric cipher such as RSA-1028 for key exchange and a symmetric cipher such as AES-128 for bulk data transfer. Apple’s encrypted disk images in MacOS X use AES-128; TrueCrypt uses AES-256.. The use of proprietary encryption algorithms is not allowed for any purpose, unless reviewed by qualified experts outside of the vendor in question and approved by the CIS Departments. Be aware that the export of encryption technologies is restricted by the U.S. Government. Residents of countries other than the United States should make themselves aware of the encryption technology laws of the country in which they reside. 4.0 Terms & Definitions Term Definition Proprietary Encryption An algorithm that has not been made public and/or has not withstood public scrutiny. The developer of the algorithm could be a vendor, an individual, or the government. Symmetric Cryptosystem A method of encryption in which the same key is used for both encryption and decryption of the data. Asymmetric Cryptosystem A method of encryption in which two different keys are used: one for encrypting and one for decrypting the data (e.g., public-key encryption). 5.0 Revision History First Edition: March 15, 2007Updated: June 28, 2006 Updated: July 12,2006 Edited: February 179, 2007 Edited: March 2, 2007 Revised: September 16, 2009     NOAO Acceptable Encryption Policy Page  PAGE 1 &3?@CDQ\–˜ЄІБВMNPRij—Ъѓєџ,.FG^sѓъйЯъРъйБРъЂ‘ЯъЂъ‚ъ‚ъ‚sdъsъsъUъsHhЗ‚йfOJPJQJ^JOJPJQJ^JcHdhЏ‚йfHhЏ‚йfOJPJQJ^JHh­‚йfOJPJQJ^J 5OJPJQJ^JcHdhЊ‚йfOJPJQJ^JcHdhЊ‚йfOJPJQJ^JcHdhЈ‚йfOJPJQJ^JcHdhЖ‚йf5OJPJQJ^J 5OJPJQJ^JcHdhЈ‚йfOJPJQJ^J5CJOJPJQJ^J &3@гдDQ\—ІВQR-њјјјјјјјјјјјГГDC$EЦ€­‚йf$a$Bўў-.0 1  Ž U V  ККuussssDC$EЦ€В‚йfDC$EЦ€Џ‚йfsклќ§  / 1 ` i A E : S T      ' №свУКвКвКЋКœК~КoК`O8-HhЯ›В&5OJPJQJ^JcHdhЉ‚йf 5OJPJQJ^JcHdhЉ‚йfOJPJQJ^JcHdhЖ‚йfHhГ‚йfOJPJQJ^JOJPJQJ^JcHdh‡ГІHh‡ГІOJPJQJ^JHhИ‚йfOJPJQJ^JOJPJQJ^JcHdhЋ‚йfOJPJQJ^JOJPJQJ^JcHdhВ‚йfHhВ‚йfOJPJQJ^JHhБ‚йfOJPJQJ^JHhА‚йfOJPJQJ^J    5 H ` 4ККИИИИsИИDC$EЦ€а›В&DC$EЦ€Г‚йf ' 5 H ^ _ ` b Х Ц 234˜™šБВяояЯЙЯЊ›Њ’ƒrƒ\ƒ’M?@BC№чттттжЧМЧЌЧЂчCJOJQJ\^J0JCJOJQJ^JmHnHu0JCJOJQJ^Jj0JCJOJQJU^JCJOJPJQJ\^J jUCJOJQJ^JHhЉ‚йfCJOJQJ^Jх    @ABCКИИИИИИИИЖИИКDC$EЦ€Љ‚йf 1hАа/ Ар=!А "А #№$№%А i4@ёџ4 NormalCJ_HmH sH tH <A@ђџЁ< Default Paragraph Font4Z@ђ4 Plain Text CJOJQJ,, Header  ЦрР!, @, Footer  ЦрР!&)@Ђ!& Page Number@ў2@  Balloon TextCJOJQJ^JaJC *џџџџ&3@гдDQ\—ІВQR-.01ŽUV  5 H `  4 ™ š Г B C R h œ В Ю х  @ D ˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€š0€€š0€€š0€€˜0€€š@0€€ 0 @@@Cs' ВфC - 4хC B 4;=C!џ•€№8№@ёџџџ€€€ї№’№№0№( № №№B №S №ПЫџ ?№ј17y|',<E        A D ю#i        A D 33џџ Sue HayesY:\acceptable encryption.doc Sue Hayes+Y:\admin\cybersec\acceptable_encryption.docџ@€ №–C C @@џџUnknowngrandi Steve Grandimfleming Sue HayesџџџџџџџџџџџџG‡z €џTimes New Roman5€Symbol3& ‡z €џArialG€  MS Mincho-џ3џ fg?5 ‡z €џCourier New5& ‡za€џTahoma"1ˆ№аhЮФй†:ьйFХй†Мц Ц Ф№ №ДД0d' ф 3ƒq№мHPџџ"Acceptable Encryption Policy Cisco User Sue Hayesўџр…ŸђљOhЋ‘+'Гй0Є˜ Ьиьј ,8 T ` l x„Œ”œф#Acceptable Encryption Policy scce Cisco UserEiscisc Normal.dotE Sue HayesE5e Microsoft Word 9.0o@Œ†G@ЄњШŽ=Ъ@$)и…=Ъ@Д|Ќ`AЪМц ўџеЭеœ.“—+,љЎ0 hpŒ”œЄ ЌДМФ Ь ћфCisco Systems, Inc.'  #Acceptable Encryption Policy Title ўџџџўџџџ !"#$%ўџџџ'()*+,-ўџџџ§џџџ0ўџџџўџџџўџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџRoot Entryџџџџџџџџ РFЂхФ`AЪ2€1TableџџџџџџџџџџџџWordDocumentџџџџџџџџ"*SummaryInformation(џџџџDocumentSummaryInformation8џџџџџџџџџџџџ&CompObjџџџџjObjectPoolџџџџџџџџџџџџЂхФ`AЪЂхФ`AЪџџџџџџџџџџџџўџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџўџ џџџџ РFMicrosoft Word Document MSWordDocWord.Document.8є9Вq