FIPS 140

What is FIPS 140?

Federal Information Processing Standard (FIPS) 140 is the de facto standard in the United States and Canada governing security requirements for cryptographic modules that protect sensitive but unclassified information. The standard provides a framework for the secure design and implementation of products that incorporate encryption methods for data security, integrity, and authentication.

Which products apply?

Cryptographic modules include a wide variety of hardware and software products, covering a broad range of industries. As a general rule, any product that transmits or stores sensitive data can fall under the FIPS 140 umbrella. This includes network hardware such as routers and switches; electronic storage devices such as flash drives and hard drives; wireless devices such as lighting and building controls; smartphones; financial banking tokens; smartcards; and medical devices.

Why should I evaluate my product?

The United States government, via the Federal Information Security Management Act (FISMA) of 2002, requires that all products that store or transmit sensitive data, and that are intended to be installed in government space, comply with FIPS 140. Additionally, multiple industry standards rely on FIPS 140 as a basis for data security, including those in the healthcare, energy, information technology, financial, and identity verification industries. Multiple UL standards, including UL 294 (Access Control Systems) and UL 1610 (Central Station Alarm Systems), reference FIPS 140 for secure communication between devices. Finally, FIPS 140 is an excellent method of verifying and distinguishing your product’s data security features.

Why UL?

Founded in 1894, UL has been a leader in product testing and certification for over 100 years. As such, UL has the ability not only to conduct cryptographic module and algorithm investigations, but also to evaluate products to multiple safety and performance standards in parallel with FIPS 140 investigations. For additional information, please contact [email protected].

What services does UL offer?

UL offers the following services associated with FIPS module and algorithm investigations:
• Product evaluation
• Product testing
• Preliminary investigation / gap analysis
• Compliance consulting

Useful Links

Cryptographic Module Validation Program
NIST CMVP Website <http://csrc.nist.gov/groups/STM/cmvp/index.html>
Module Validation List <http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm>
Module-In-Process List <http://csrc.nist.gov/groups/STM/cmvp/inprocess.html>

Cryptographic Algorithm Validation Program
NIST CAVP Website <http://csrc.nist.gov/groups/STM/cavp/index.html>
Algorithm Validation Lists <http://csrc.nist.gov/groups/STM/cavp/validation.html>

Standards
FIPS 140-2 Standard <http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf>
FIPS 140-2 Derived Test Requirements <http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402DTR.pdf>
FIPS 140-2 Implementation Guidance <http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf>

UL and the UL logo are trademarks of UL LLC © 2015, NG-0390 03/15