How do I get FIPS 140-2 validated?

In order to become FIPS 140-2 validated or certified, all components of a security solution (both hardware and software) must be tested and approved by one of the following NIST accredited independent laboratories: Advanced Data Security (San Jose, CA)

What does FIPS 140-2 cover?

The areas covered, related to the secure design and implementation of a cryptographic module, include specification; ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic …

What is the difference between FIPS 140-2 Level 2 and Level 3?

Level 2: Requires physical tamper-evidence and role-based authentication for hardware. Software is required to run on an Operating System (OS) approved to Common Criteria (CC) at Evaluation Assurance Level 2 (EAL2). Level 3: Hardware must feature physical tamper-resistance and identity-based authentication.

Is AES 256 FIPS 140-2 validated?

AES encryption is compliant with FIPS 140-2. It’s a symmetric encryption algorithm that uses cryptographic key lengths of 128, 192, and 256 bits to encrypt and decrypt a module’s sensitive information.

What does it take to be FIPS 140-2 compliant?

To be FIPS 140-2 certified or validated, the software (and hardware) must be independently validated by one of 13 NIST specified laboratories. The process takes weeks. Sometimes the software fails and must be fixed and then the testing process repeated. This takes time and money.

Does BitLocker meet FIPS 140-2?

Thus, BitLocker™ maintains FIPS 140-2 compliance on both Vista Enterprise and Ultimate Edition, for both x86 and x64 processor architectures.

What are FIPS 140-2 requirements?

FIPS 140-2 requires that any hardware or software cryptographic module implements algorithms from an approved list. The FIPS validated algorithms cover symmetric and asymmetric encryption techniques as well as use of hash standards and message authentication.

What is the difference between FIPS 140-2 and FIPS 197?

FIPS 197 certification looks at the hardware encryption algorithms used to protect the data. FIPS 140-2 is the next, more advanced level of certification. FIPS 140-2 includes a rigorous analysis of the product’s physical properties.

What is the difference between FIPS 140-2 and FIPS 140-3?

The FIPS 140-2 standard was originally written with all modules as hardware, and only later were additional modules added. While both FIPS 140-2 and FIPS 140-3 include the four logical interfaces: data input, data output, control input, and status output.

Is BitLocker FIPS 140-2 validated?

BitLocker is FIPS-validated, but it requires a setting before encryption that ensures that the encryption meets the standards set forth by FIPS 140-2. When encrypting devices with BitLocker, please be sure to follow the steps below to ensure that the encryption used is within parameters of control 3.13.

Is BitLocker NIST approved?

BitLocker™ will only operate in its FIPS-mode once volume conversion (encryption) has completed and the volume is fully encrypted. In order to allow the local administrator to enable or disable FIPS compliance, BitLocker™ complies with the “System Cryptography: Use FIPS compliant algorithms” policy.
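The two conditions described above (the FIPS policy is enabled, and the volume is fully encrypted) can be checked on a Windows host as follows. This is an added example, not code from the original page or from Microsoft; it assumes an elevated PowerShell session with the BitLocker module available and that the policy is reflected in the `Enabled` value under the `FipsAlgorithmPolicy` registry key. The function names are hypothetical.

```powershell
# Added example: report, per volume, whether the two conditions for BitLocker
# FIPS mode hold. Function names are hypothetical. Run from an elevated session.

function Test-FipsPolicyEnabled {
    # Assumption: "System cryptography: Use FIPS compliant algorithms" is stored
    # as the DWORD 'Enabled' under this key (1 = enabled).
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $prop = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.Enabled -eq 1)
}

function Get-BitLockerFipsReport {
    $fipsPolicy = Test-FipsPolicyEnabled

    foreach ($vol in Get-BitLockerVolume) {
        # FIPS mode applies only once conversion has completed.
        $fullyEncrypted = ($vol.VolumeStatus -eq 'FullyEncrypted')

        $reasons = @()
        if (-not $fipsPolicy)     { $reasons += 'FIPS policy is not enabled' }
        if (-not $fullyEncrypted) {
            $reasons += "volume status is $($vol.VolumeStatus) " +
                        "($($vol.EncryptionPercentage)% encrypted)"
        }

        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            FipsPolicyEnabled = $fipsPolicy
            VolumeStatus      = $vol.VolumeStatus
            EncryptionMethod  = $vol.EncryptionMethod    # reported for context
            ProtectionStatus  = $vol.ProtectionStatus    # reported for context
            FipsModePossible  = ($reasons.Count -eq 0)
            Reasons           = ($reasons -join '; ')
        }
    }
}

# Volumes that fail either condition are listed first.
Get-BitLockerFipsReport |
    Sort-Object FipsModePossible |
    Format-Table MountPoint, FipsModePossible, VolumeStatus, EncryptionMethod, Reasons -AutoSize
```

A volume that was encrypted before the policy was enabled still passes both checks here, so the report says nothing about the order in which the policy and encryption were applied.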

What is the FIPS 140-1 and FIPS 140-2 validated modules search?

The FIPS 140-1 and FIPS 140-2 validated modules search provides access to the official validation information of all cryptographic modules that have been tested and validated under the Cryptographic Module Validation Program as meeting requirements for FIPS PUB 140-1 and FIPS PUB 140-2.

What is the NIST cryptographic module validation program?

NIST and CSE have developed an Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program document for cryptographic module users, vendors and testing laboratories.

When did FIPS PUB 140-2 come into effect?

FIPS 140-2 was signed on May 25, 2001 and became effective November 15, 2001 when Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules was published.

What does CAVP stand for in FIPS 140-2?

The Cryptographic Algorithm Validation Program (CAVP) addresses the testing of Approved Security Functions, Approved Random Number Generators and Approved Key Establishment Techniques which are referenced in the annexes of FIPS 140-2.