New standard set for security

FIPS 140-2 site

The Commerce Department has formally approved the new standard for the minimum level of cryptography in federal security products, replacing a standard that had been in effect for seven years.

With the approval June 27, security products used by agencies for sensitive, unclassified information must be certified under the National Institute of Standards and Technology's Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules.

The new FIPS 140-2 standard, which replaces the 140-1 standard from 1994, goes into effect Nov. 25.

FIPS 140-2 covers four increasing levels of security, to encompass a range of applications:

* Security Level 1 specifies basic security, such as a PC encryption board.

* Security Level 2 adds physical security to Level 1 products by requiring tamper-evident coatings or seals, or pick-resistant locks. It also requires role-based authentication of users and that operating systems meet the new Common Criteria Controlled Access Protection Profile.

* Security Level 3 strengthens physical security, requires identity-based authentication, and requires physical separation of data ports. There are also additional levels of Common Criteria requirements.

* Security Level 4 builds on all of the other requirements, as well as the ability to electronically erase information if the environmental conditions around the module change dramatically or if there are drastic fluctuations in the module's operating ranges.

NIST maintains a list of vendors and modules with FIPS 140-1 and 140-2 validation on its Web site.

Featured

  • CLOUD
    pentagon cloud

    Court orders temporary block on JEDI

    JEDI, the Defense Department’s multi-billion-dollar cloud procurement, is officially on hold, according to a federal court announcement Feb. 13.

  • Defense
    mock-up of the shore-based Aegis Combat Information Center

    Pentagon focuses on research, cyber in 2021 budget request

    The Defense Department wants to significantly increase funds for research, cyber, and cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.