Blog

How do I verify FIPS 140-2 compliance?

How do I verify FIPS 140-2 compliance?

There are two ways to assure your management that FIPS 140-2 is being implemented. One is to hire a consultant specializing in the standard, such as Rycombe Consulting or Corsec Security. These companies provide the necessary documentation for the certification procedure, which you can use to prove implementation.

Who managed the FIPS 140-2 standard?

The Cryptographic Module Validation Program (CMVP) validates cryptographic modules to Federal Information Processing Standard (FIPS) 140-2 and other cryptography based standards. The CMVP is a joint effort between NIST and the Communications Security Establishment (CSE) of the Government of Canada.

What is the difference between FIPS 140-2 and 140-3?

FIPS 140-2 standard was originally written with all modules as hardware and only later were additional modules added. While both FIPS 140-2 and FIPS 140-3 include the four logical interface data input, data output, control input, and status output.

Is sha256 FIPS 140-2 compliant?

AES encryption is compliant with FIPS 140-2. It’s a symmetric encryption algorithm that uses cryptographic key lengths of 128, 192, and 256 bits to encrypt and decrypt a module’s sensitive information.

Where can I find the FIPS 140-2 standard?

The Cryptographic Module Validation Program (CMVP), a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), validates cryptographic modules to the Security Requirements for Cryptographic Modules standard (i.e., FIPS 140-2) and related FIPS cryptography standards.

What do you need to know about Microsoft 365 FIPS 140-2?

Moreover, Azure customers can store their own cryptographic keys and other secrets in FIPS 140-2 validated hardware security modules (HSM). For more information about Microsoft 365 compliance, see Microsoft 365 FIPS 140-2 documentation. For a list of FIPS 140-2 certificates applicable to Azure services, see validated modules used by Windows Server.

How is the CMVP validated in FIPS 140-2?

The Cryptographic Module Validation Program (CMVP – www.nist.gov/cmvp) validates cryptographic modules to FIPS 140-2 and other cryptography based standards. The CMVP is a joint effort between NIST and the Canadian Centre for Cyber Security (CCCS – https://cyber.gc.ca/en/).

What is the Federal Information Processing Standard ( FIPS )?

Federal Information Processing Standard (FIPS) Publication 140-2 1 FIPS 140-2 standard overview. The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. 2 Microsoft’s approach to FIPS 140-2 validation. 3 Microsoft in-scope cloud services. 4 Frequently asked questions.