At 2:29 PM 10/17/95, Bill Neugent wrote:
>Folks,
>Is anyone aware of DoD-level policy that mandates hardware-based
>implementation for cryptographic-based confidentiality, integrity,
>authentication, or non-repudiation?  DoDD C-5200.5 (COMSEC) *does* say that
>DoD guys have to use NSA-approved cryptographic systems, and NSA-approved
>stuff tends to be hardware based, but I know of no explicit policy on it.
>
>Bill

The DES standard used to require hardware.  The new DES standard has 4
levels (and I believe the lowest level can be in software).  The fact that
NSA gets to make the rules means there is at least implicit policy.

-Sam