iv
5. Maintenance Agency. Department of Commerce, National Institute of Standards
and Technology, Information Technology Laboratory (ITL).
6. Applicability. This standard is applicable to all Federal departments and agencies for
the protection of sensitive unclassified information that is not subject to section 2315 of
Title 10, United States Code, or section 3502(2) of Title 44, United States Code. This
standard shall be used in designing, acquiring and implementing keyed-hash message
authentication techniques in systems that Federal departments and agencies operate or
which are operated for them under contract. The adoption and use of this standard is
available on a voluntary basis to private and commercial organizations.
7. Specifications. Federal Information Processing Standard (FIPS) 198, Keyed-Hash
Message Authentication Code (HMAC) (affixed).
8. Implementations. The authentication mechanism described in this standard may be
implemented in software, firmware, hardware, or any combination thereof. NIST has
developed a Cryptographic Module Validation Program that will test implementations for
conformance with this HMAC standard. Information on this program is available at
http://csrc.nist.gov/cryptval/.
Agencies are advised that keys used for HMAC applications should not be used for other
purposes.
9. Other Approved Security Functions. HMAC implementations that comply with this
standard shall employ cryptographic algorithms, cryptographic key generation algorithms
and key management techniques that have been approved for protecting Federal
government sensitive information. Approved cryptographic algorithms and techniques
include those that are either:
a. specified in a Federal Information Processing Standard (FIPS),
b. adopted in a FIPS or NIST Recommendation and specified either in an appendix to
the FIPS or NIST Recommendation or in a document referenced by the FIPS or
NIST Recommendation, or
c. specified in the list of Approved security functions for FIPS 140-2.
10. Export Control. Certain cryptographic devices and technical data regarding them
are subject to Federal export controls. Exports of cryptographic modules implementing
this standard and technical data regarding them must comply with these Federal
regulations and be licensed by the Bureau of Export Administration of the U.S.
Department of Commerce. Applicable Federal government export controls are specified
in Title 15, Code of Federal Regulations (CFR) Part 740.17; Title 15, CFR Part 742; and
Title 15, CFR Part 774, Category 5, Part 2.
11. Implementation Schedule. This standard becomes effective on September 6, 2002.
lxinxie2012-11-13很全面,很感谢!
