FIPS 140-2 Level 3 PDF

The Federal Information Processing Standard Publication 140-2, FIPS PUB 140-2, is a u. FIPS 140-2 defines four levels of security, simply named Level 1 to Level 4. Tough enough to go anywhere the Aegis Secure Key resilient design. The MDX Vault encrypts MDX-wrapped apps and associated data-at-rest on both iOS and Android devices using FIPS certified cryptographic modules provided by the OpenSSL. Federal Information Processing Standard (FIPS) Publication 140-2. How to read a FIPS 140-2 validation listing SafeLogic.

The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2), commonly referred to as FIPS 140-2, is a US government computer security standard used to validate cryptographic modules. FIPS 140-2, Security Requirements for Cryptographic Modules CSRC. The new standard defines five types of cryptographic modules or boundaries that can achieve validations. But its influence goes far beyond this significant but delimited area. HMAC, Federal Information Processing Standards Publication 198-1, July 2008. Here is a link to the NIST website for a copy of the FIPS 140-2 standard. FIPS 140-2 standard and self-encrypting drive technology. Federal Information Processing Standard (FIPS) 140-3 and other cryptography-based standards. For FIPS 140-2, it meets Level 2 for overall security and Level 3 for physical security. Security Requirements for Cryptographic Modules FIPS PUB 140-2. OpenSSL FIPS 140-2 security policy University of Utah.

Security Level 3 requires the entry or output of plaintext CSPs (including the entry or output of plaintext CSPs using split knowledge procedures) be performed using ports that are physically separated from other ports, or interfaces that are logically separated using a trusted path from other. Initial publication was on May 25, 2001 and was last updated December 3, 2002. Using a FIPS 140-2 enabled system in Oracle Solaris 11. An introduction to FIPS 140-2 and Common Criteria SecureIDNews. FIPS 140-2 was created by the NIST and, per the FISMA, is mandatory for US and Canadian government procurements. The FIPS 140-2 security requirements cover 11 areas related to the. Federal Information Processing Standard (FIPS) Publication 140-2. This standard supersedes FIPS 140-2, Security Requirements for Cryptographic. A hardware security module (HSM) is a dedicated server used to protect data in transit, in use, and at rest through encryption and physical/logical security. FIPS stands for Federal Information Processing Standard.

Currently there is no schedule published for the adoption of FIPS 140-4. The FIPS 140-2 standard technically allows for software-only implementations at Level 3 or 4, but applies such stringent requirements that none have been validated. The CMVP is a joint effort between the National Institute of Standards and Technology and the Canadian Centre for Cyber Security. Using a rechargeable battery, the Aegis Secure Key enables the user to unlock the drive with a 7-15 digit PIN before connecting to a USB port. Plaintext keys entered via trusted path or directly attached cable. FIPS 140-2 Level 3 and PCI HSM-validated solutions for data encryption, fraud protection, financial and general purpose encryption, and more. In addition to meeting current standards, Futurex is committed to supporting emerging standards and requirements. For each area, a cryptographic module receives a security level rating 1-4. It's published by the US and Canadian governments, and although there are many FIPS standards, this is the only one we are referring to in this article. FIPS 140-3 security level requirement area 1 2 3 4 atsec. FIPS 140-2 Security Requirements for Cryptographic Modules, May 25, 2001. FIPS 180-3 Secure Hash Standard.

A FIPS validation ensures that the cryptographic module has been tested and meets the highest security requirements. FIPS 140-2 validation certificate Addonics Technologies. FIPS 140-2 compliance FIPS 140-2 certification Thales. It is typically deployed in a server or an appliance to provide crypto. Example of running in FIPS 140-2 mode on an Oracle Solaris 11. This standard specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information hereafter. Buy FIPS 140-2 Level 3 certified, D200 MLC memory device.

Modules validated as conforming to FIPS 140-3 are accepted. FIPS 140-2 testing will continue for at least a year after FIPS 140-3 testing begins. Validated through the Cryptographic Module Validation Program (CMVP), FIPS 140-3 testing will begin September 22, 2020. The Federal Information Processing Standard (FIPS) Publication 140-2 is a u. The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2), commonly referred to as FIPS 140-2, is a US government computer security standard used to validate cryptographic modules. First off, let's be clear on what we are talking about. Read our blog post update here, and our update on the most recent certificate here. FIPS 140-2 was created by the NIST and, per the FISMA, is mandatory for US and Canadian government procurements. OpenSSL FIPS 140-2 security policy 4 modes of operation and cryptographic functionality the module supports only a FIPS 140-2 approved mode. The entire drive is FIPS certified, not just the controller, and its AES 256-bit hardware-based encryption in XTS mode offers unsurpassed security. To boldly send traffic where no one has sent before.

FIPS 140-3, Security Requirements for Cryptographic. Implementation guidance for FIPS 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology Canadian Centre for Cyber Security initial release. Apricorn Aegis Secure Key 3z USB flash drive encrypted. Futurex HSMs adhere to all major industry standards, including FIPS 140-2 Level 3 and PCI HSM. The module provides a FIPS 140-2 overall Level 3 security solution. These levels are intended to cover the wide range and potential applications and environments in which cryptographic modules may be employed. Tables 4a and 4b list the approved and non-approved but allowed algorithms, respectively. FIPS 140-2 is a requirements document that sets the minimum strength level for data encryption used in sensitive but unclassified (SBU) federal operating environments.

Why aren't there FIPS Level 4 devices on the market. This document was prepared as part of the FIPS 140-2 Level 2 validation of the module. FIPS 140-2 Level 3 security policy of Java Card Platform. The Federal Information Processing Standard (FIPS) Publication 140-2 is a u. Thus, you could get rated as FIPS 140-2 Level 1 or FIPS 140-2 Level 3. Sample deployments are shown, providing guidance on FIPS 140-2 compliance. Standards Cryptographic Module Validation Program CSRC. FIPS 140-2 validations can be completed for Level 1, 2, 3, or 4.

Federal Information Processing Standard (FIPS) Publication. The value of the parameter fipsstate passed into the call specifies the mode. The document provides an overview of the security features that apply to Citrix Virtual Apps and Desktops, with an emphasis on FIPS 140-2. The MDX Vault encrypts MDX-wrapped apps and associated data-at-rest on both iOS and Android devices using FIPS-certified cryptographic modules provided by the OpenSSL. This article describes how to configure an Oracle Solaris system to provide FIPS 140-2 Level 1 cryptography to kernel-level and user-level consumers of cryptography, for example, Kerberos, secure. Columbitech Mobile VPN the only FIPS 140-2 certified mobile VPN. This YubiKey FIPS security key has been validated for second-factor authentication for federal and FIDO use. Specification of cryptographic module, cryptographic boundary, approved security functions, and normal and degraded modes of operation. The following are the allowed values for fipsstate parameters. FIPS 140-2 is overseen by CMVP (Cryptographic Module Validation Program) which is a joint effort mandated by both. FIPS 140-3 testing will begin on September 22, 2020. Regulatory compliance is a non-negotiable requirement in many environments.

At Level 3 and 4, physical or logical separation of critical data entry/output. P25 two-way radio security Motorola raises the bar on P25 two-way radio security APX series awarded FIPS 140-2 Level 3 validation validated at Federal Information Processing Standards (FIPS) 140-2 Level 3, our APX series of P25 two-way radios is the industry's first to offer government agencies this next level of information assurance. Security requirement security level cryptographic module specification 1 cryptographic module ports and interfaces 1 roles, services, and authentication 2. FIPS 140-2 testing will continue for at least a year after FIPS 140-3 testing begins. The selective application of technological and related procedural safeguards is an important responsibility of every federal organization in providing adequate security in its. Encryption and FIPS 140-2 compliance Hewlett Packard. Approved security functions June 10, 2019 for FIPS PUB 140. What is FIPS 140-2 and how is it used in the DoD community. Security Requirements for Cryptographic Modules FIPS PUB 140-2. The government began drafting FIPS 140-3 in 2005, and various versions of the new draft FIPS validation have.

Implementation guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology CMVP 3 12/03/2019. USB flash drives free delivery possible on eligible purchases. Security Level 1 provides the lowest level of security. For the full XenMobile FIPS 140-2 compliance statement, including the specific modules used in each case, contact your Citrix representative. Initial publication was on May 25, 2001 and was last updated December 3. It also describes how to run the module in an approved FIPS 140-2 mode of operation. This will essentially be a wrapper around the ISO standard.

FIPS 140-2 Federal Information Processing Standards Publication 140-2 Security Requirements for. The Cryptographic Module Validation Program (CMVP), that is administered by the National Institute of Standards and Technology. To run the cryptographic framework in FIPS 140-2 mode, see how to create a boot environment with FIPS 140-2 enabled in Managing Encryption and Certificates in Oracle Solaris 11. Per your question does FIPS 140-2 Level 3 protect against hacking, I would say the real world answer is no. FIPS 140-2 is a set of standards for document processing, encryption. According to the announcement, FIPS 140-3 will become effective on September 22, 2019. After FIPS 140-3 testing begins, FIPS 140-2 testing will continue for at least a year, making the two standards coexist for some time. The title is Security Requirements for Cryptographic Modules. This easy to use and affordable USB flash drive incorporates PIN access with military grade 256-bit AES hardware encryption. Encryption is the process of transforming data using an algorithm to make it unreadable to anyone except those possessing special knowledge. In addition to meeting the requirements above, FIPS 140-2 also covers the specific algorithms that can be used for symmetric, asymmetric, message authentication, and hashing cryptographic functions. FIPS 140-3 is available electronically from the NIST website at. The module is deployed in a PCIe slot to provide crypto and TLS 1.

This is a very frequently asked question, and we have been fielding questions from clients on how to deal with FIPS 140-3 for years now. FIPS (Federal Information Processing Standards) is a set of standards that describe document processing, encryption algorithms and other information technology processes for use within non-military federal government agencies and by government contractors and vendors who work with these agencies. FIPS 140-3 is available electronically from the NIST website at. The current plan within NIST is to completely skip FIPS 140-3 and move to FIPS 140-4. The use of validated cryptographic modules is required by the United States government for all unclassified uses of cryptography. Full-track multiple-sector transfer capability without local processor intervention. Encryption is especially important for organizations with mobile users transmitting data over a wireless. Hybrid modules, which were originally restricted to Level 1 validations in FIPS 140-2, no longer have a level limitation. FIPS 140-3 testing will begin on September 22, 2020. Columbitech's cryptographic module is FIPS 140-2 certified.

Whatever your opinion of FIPS 140-2, it's here and it is not going anywhere soon. FIPS 140-2 Level 3 certified, D200 MLC memory device. While Level 1 is appropriate for software, the advanced levels feature increasing amounts of physical security, including tamper-evident seals and tamper response. For many organizations, requiring FIPS certification at FIPS 140 Level 3 is a good compromise between effective security, operational convenience, and choice in the marketplace. Cryptographic modules are tested against requirements found in FIPS 140-2, Security Requirements for Cryptographic Modules (PDF). These levels are intended to cover the wide range and. FIPS 140-2, or Federal Information Processing Standard 140-2, is a set of security requirements for cryptographic modules.

Each security level offered an increase in security over the preceding level. Basic security requirements are specified for a cryptographic module e. Encryption and FIPS 140-2 compliance: I haven't looked into this whole topic yet at any depth, but to support an encrypting tape drive in a general way, it should be possible to somehow specify encryption at mount time, in a way similar to mediacompaction allows compression to be turned on. This policy was prepared as part of the Level 3 FIPS 140-2 validation of the module. Buy Apricorn Aegis Secure Key 120GB FIPS 140-2 Level 3 validated USB 3. FIPS 140-2 standard and self-encrypting drive technology. For the full XenMobile FIPS 140-2 compliance statement, including the specific modules used in each case, contact your Citrix representative. Federal Information Processing Standards Publication 140-3 (FIPS 140-3) would be a new standard that would replace FIPS 140-2 in the same way that FIPS 140-2 replaced FIPS 140-1. FIPS 140-2 standard and self-encrypting drive technology. The FIPS 140-2 standard also specifies the underlying algorithms contained within the cryptographic modules.

It does not specify in detail what level of security is required by any particular application. FIPS 140-2 provides four increasing, qualitative levels of security. The Federal Information Processing Standards Publication Series of the National Institute of Standards and Technology (NIST) is the official series of publications relating to standards and. The module provides a FIPS 140-2 overall Level 3 security solution. Kingston Digital releases FIPS 140-2 Level 3 encrypted USB. It is typically deployed in a server or an appliance to provide crypto offload. These are key facets for hardware validations, in particular. Apricorn's Aegis Secure Key brings security to your fingertips. For more information on FIPS 140-2 Level 2 certification see About FIPS on page 24. DataTraveler 4000 G2 is FIPS 140-2 Level 3 certified so it provides a tamper-evident seal for physical security to detect and respond to attempts to access, use or modify the cryptographic module. FIPS 140-2 levels explained: Security Level 1 basic security requirements are specified for a cryptographic module e. The module's functions are accessed over the PCIe interface via an.
