New standard set for security

FIPS 140-2 site

The Commerce Department has formally approved the new standard for the minimum level of cryptography in federal security products, replacing a standard that had been in effect for seven years.

With the approval June 27, security products used by agencies for sensitive, unclassified information must be certified under the National Institute of Standards and Technology's Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules.

The new FIPS 140-2 standard, which replaces the 140-1 standard from 1994, goes into effect Nov. 25.

FIPS 140-2 covers four increasing levels of security, to encompass a range of applications:

* Security Level 1 specifies basic security, such as a PC encryption board.

* Security Level 2 adds physical security to Level 1 products by requiring tamper-evident coatings or seals, or pick-resistant locks. It also requires role-based authentication of users and that operating systems meet the new Common Criteria Controlled Access Protection Profile.

* Security Level 3 strengthens physical security, requires identity-based authentication, and requires physical separation of data ports. There are also additional levels of Common Criteria requirements.

* Security Level 4 builds on all of the other requirements, as well as the ability to electronically erase information if the environmental conditions around the module change dramatically or if there are drastic fluctuations in the module's operating ranges.

NIST maintains a list of vendors and modules with FIPS 140-1 and 140-2 validation on its Web site.

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.