The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in. FIPS (Federal Information Processing Standard) is the benchmark for validating the effectiveness of cryptographic hardware. If a product has a FIPS You need to know if Symantec Endpoint Encryption(SEE) and/or Guardian Edge Hard Drive (GEHD) encryption is a validated FIPS and/or

Author: Mojind Zulurg
Country: Burkina Faso
Language: English (Spanish)
Genre: Health and Food
Published (Last): 14 January 2006
Pages: 388
PDF File Size: 20.45 Mb
ePub File Size: 3.43 Mb
ISBN: 811-3-50889-906-3
Downloads: 98002
Price: Free* [*Free Regsitration Required]
Uploader: Shaktigami

For Levels 2 and higher, the operating platform upon which the validation is applicable is also listed. The result may be that validated software is less safe than a non-validated equivalent. If a product contains countermeasures against these attacks, they must be documented and tested, but protections are not required to achieve a given level.

January Learn how and when to remove this template message. The Government of Canada also recommends the use of FIPS validated cryptographic modules in unclassified applications of its departments. Post as a guest Name.

Please help to improve this article by introducing more precise citations. It does not specify in detail what level of security is required by any particular application.

There are 4 steps, not 8 — it’s just that the requirements for climbing those steps were tweaked. Sign up or log in Sign up using Google.

Articles lacking in-text citations from July All articles lacking in-text citations Articles needing additional references from August All articles needing additional references Articles lacking reliable references from January All articles lacking reliable references Articles with multiple maintenance issues Articles containing potentially dated statements from December All articles containing potentially dated statements.


This page was last edited on 12 Marchat In addition to the specified levels, Section 4. Unsourced material may be challenged and removed.

FIPS does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure.

Home Questions Tags Users Unanswered. User agencies desiring to implement cryptographic modules should confirm that the module they are using is covered by an existing validation certificate. Please improve this by adding secondary or tertiary sources. This article has multiple issues.

FIPS – Wikipedia

Sign up using Email and Password. By clicking “Post Your Answer”, you acknowledge that you have read our updated terms of serviceprivacy policy and cookie policyand that your continued use of the website is subject to these policies.

A module that is FIPScompliant is not more secure than a module that ffips FIPScompliant, it is only more up-to-date in the certification process.

Vendors do not always maintain their baseline validations. Sign up using Facebook. Email Required, but never shown.

Computer security standards Cryptography standards Standards of the United States. The draft issued on 11 Sephowever, reverted to four security levels and limits the security levels of software to fjps 1 and 2.

Is Symantec Endpoint Encryption a validated FIPS 140-1 and FIPS 140-2 Cryptographic Module?

This article needs additional citations for verification. Views Read Edit View history. Retrieved from ” https: Darren Moffat, Oracle Solaris.

The requirements cover not only the cryptographic modules themselves but also their documentation and at the highest security level some aspects of the comments contained in the source code. Fipd use of validated cryptographic modules is required by the United States Government for all unclassified uses of cryptography. This article relies too much on references to primary sources. You can no longer have a product validated under FIPSbecause it is no longer a current standard.


From Wikipedia, the free encyclopedia. FIPSissued on 11 Januarywas developed by a government and industry working group, composed of vendors and users of cryptographic equipment. Please help improve it or discuss these issues on the talk page. August Learn how and when to remove this template message. Since validation is an expensive process, this gives software vendors an incentive to postpone changes to their software and can result in software that does not receive security updates until the next validation.

I tried googling for this info but it’s not easily available because FIPS is now really old. The group identified the four “security levels” and eleven “requirement areas” listed above, and specified requirements for each area at 10-1 level.

By using this site, you agree to the Terms of Use and Privacy Policy.

By using our site, you acknowledge that you have read and understand our Cookie PolicyPrivacy Policyand our Terms of Service.