Version 184.108.40.206 and 220.127.116.11 Security Policy This is a non-proprietary security policy for RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) 18.104.22.168 and 22.214.171.124 security software. This document may be freely reproduced and distributed whole and intact including the Copyright Notice.
Security Policy This document is a non-proprietary security policy for RSA BSAFE Crypto CDC Module 1.1 security software. For the remainder of this document the RSA BSAFE Crypto CDC Module will be referred to as the Module. This document may be freely reproduced and distributed whole and intact including the Copyright Notice.
Security Policy This document is a non-proprietary security policy for RSA BSAFE Crypto CDC Module for MEAP 1.1 security software. For the remainder of this document the RSA BSAFE Crypto CDC Module for MEAP will be referred to as the Module. This document may be freely reproduced and distributed whole and intact including the Copyright Notice.
This research argues that organizational power impacts the development and implementation of Information Systems (IS) Security policy. The study was conducted via an in depth case study at the IT department within a large financial organization in the United States. The theoretical foundation for the research was based was Clegg’s (2002) Circuits of Power. A conceptual framework was created utilizing Circuits of Power. This was used to study power relationships and how they might affect the formulation and implementation of IS Security policy in this organization. The case study demonstrated that power relationships have a clear impact on the IS security policy process. Though there is a strong security culture at the organization and a well defined set of processes, an improvement in the process and ensuing security culture is possible by accounting for the effect of power relationships. 1. THE NATURE AND SIGNIFICANCE OF POWER RELATIONSHIPS
This is a non-proprietary Security Policy (for all platforms except SPARC T4) for RSA BSAFE Crypto-C Micro Edition 4.0.1 (Crypto-C ME). It describes how Crypto-C ME meets the Level 2 security requirements of FIPS 140-2 for roles, services and authentication, the Level 3 security requirements of FIPS 140-2 for design assurance, and the Level 1 security requirements of FIPS 140-2 for all other aspects. It also describes how to securely operate Crypto-C ME in a FIPS 140-2-compliant manner. FIPS 140-2 (Federal Information Processing Standards Publication 140-2- Security Requirements for Cryptographic Modules) details the United States Government requirements for cryptographic modules. For more information about the FIPS 140-2 standard and validation program, go to the NIST Web site at
Systems and infrastructure rarely enforce a site’s security policy precisely. Conversely, determining the policy (or policy components) that the systems and infrastructure do enforce is difficult because of the plethora of configuration files and systems at the site. We propose a way to unify these problems by applying a bi-directional method of enforcing and reverse-engineering system and infrastructure policy. The process uses a platform-independent intermediate policy representation (IPR) to bridge the gap between a high-level expression of policy and a machine-dependent, system configuration. The result of these methods, shown along with a detailed example, is that both policy discovery and enforcement can be made into a much more rigorous process.