|

 
|
| | Name : | H. Stephen Berger | Organization : | N/A | Post Date : | 9/30/2005 |
| Section : | 6.7.4 | Page no. : | | Line no.: | | Comment : | Confidentiality of the transmitted data is the next point of concern. This issue is dealt with in Section 6.7.4, “Protecting the Transmitted Data”. The requirements of Section 6.7.4 are: 6.7.5 All information transmitted via wireless communications shall be encrypted and authenticated, with the exception of wireless T-coil coupling, to protect against eavesdropping and data manipulation including modification, insertion, and deletion. 6.7.5.1 The encryption shall be as defined in Federal Information Processing Standards (FIPS) 197, “Advanced Encryption Standard (AES).” 6.7.5.1.1 The cryptographic modules used shall comply with FIPS 140-2, Security Requirements for Cryptographic Modules. 6.7.5.2 The capability to transmit non-encrypted and non-authenticated information via wireless communications shall not exist. 6.7.5.2.1 If wireless communication (audible) is used, and if the receiver of the wireless transmission is the human ear, then the information shall not be encrypted (i.e., this specifically covers the case of the wireless T-Coil coupling for assistive devices used by people who are hard of hearing - see Volume I, Section 2.2.7.2 DRE standards item c) Using the security chain metaphor, these requirements would seem to reduce the risk to confidentiality to a level far below that presented by other means. Simply stated, there are easier ways to gain access to confidential data than through tapping into the wireless transmission, as guarded by these requirements.
[Statements submitted at EAC public hearing, July 28, 2005, Pasadena] | |
|
|