The NCUA (“National Credit Union Administration”) is like the FDIC for credit unions. It provides insurance to credit unions and expects a solid level of operations in return. It provides regulations and audits member credit unions for fitness.
The NCUA’s official web site is www.ncua.gov.
See also: “FFIEC” (umbrella regulation, including state chartered banks), “FDIC” (federally chartered banks), “the Fed” (U.S. central bank), “OCC” (national and foreign banks) and “OTS” (savings and loans).
NIST (“National Institute of Standards and Technology”) is a United States-based standards body whose influence on the file transfer industry is felt most heavily through its FIPS 140-2 encryption and hashing standard. It is also the keeper of many other security standards which must be met if file transfer technology is used in or to connect with the federal government.
Non-repudiation (also “nonrepudiation”) is the ability to prove beyond a shadow of a doubt that a specific file, message or transaction was sent at a particular time by a particular party to another party. This proof prevents anyone from “repudiating” the activity: later claiming that the file, message or transaction was not sent, that it was sent at a different time, sent by a different party or received by a different party. (“Repudiate” essentially means “reject”.)
Non-repudiation is important for legal situations where fraud through fake transactions could occur, such as a string of bad ATM transactions. However, it is also an important assumption behind most day-to-day processing: once a request occurs and is processed by an internal system, it’s often difficult and expensive to reverse.
The technology behind non-repudiation is often built on:
- Strong authentication, such as that performed with X.509 certificates, cryptographic keys or tokens.
- Cryptographic-quality hashes, such as SHA256, that ensure each file’s contents bear their own unique fingerprint. (The fingerprints are stored, even if the data isn’t.)
- Tamper-evident logs that retain date, access and other information about each file sent through the system.
Some file transfer protocols, notably the AS1, AS2 and AS3 protocols (when MDNs are in use), have non-repudiation capabilities built into the protocols themselves. Other protocols depend on proprietary protocol extensions (common in FTP/S and HTTP/S) or higher-level workflows (e.g., an exchange of PGP-encrypted metadata) to accomplish non-repudiation.
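The fingerprint and tamper-evident log building blocks listed above can be sketched as a hash-chained transfer log. This is an added example, not code from any product or protocol named on this page; the field names, party names and sample transfers are constructed, and the sender is assumed to have been authenticated already (for example with an X.509 certificate).

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first entry
FIELDS = ("seq", "time", "sender", "receiver", "file_sha256", "prev")

def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint of a file's contents."""
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:
    # Canonical JSON so the same fields always hash to the same value.
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_transfer(log: list, time: str, sender: str, receiver: str, data: bytes) -> dict:
    """Record a transfer; each entry commits to the hash of the one before it."""
    entry = {
        "seq": len(log),
        "time": time,
        "sender": sender,  # assumption: identity verified before logging
        "receiver": receiver,
        "file_sha256": fingerprint(data),  # the fingerprint is stored, not the data
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = entry_hash(entry)
    log.append(entry)
    return entry

def first_bad_entry(log: list):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev"] != prev or entry["hash"] != entry_hash(entry):
            return i
        prev = entry["hash"]
    return None

def build_sample_log() -> list:
    # Constructed sample transfers, not real data.
    log = []
    append_transfer(log, "2024-01-05T10:00:00Z", "alice", "bank", b"payment batch 1")
    append_transfer(log, "2024-01-05T10:05:00Z", "alice", "bank", b"payment batch 2")
    append_transfer(log, "2024-01-05T10:09:00Z", "bob", "bank", b"payroll file")
    return log
```

The chain only exposes edits if the latest entry hash is also held somewhere the log's operator cannot rewrite, such as a signed receipt returned to the sender; otherwise the whole chain can be recomputed after a change.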