FIPS 140-2 sERVICES
Federal Information Processing Standard (FIPS) 140-2 specifies the security requirements which must be met in order for products to be validated under the Cryptographic Module Validation Program (CMVP). The CMVP is a joint program between the US National Institute of Standards and Technology (NIST) and the Canadian Communications Security Establishment (CSE). These two organizations oversee the validation of products and/or cryptographic modules to the FIPS 140-2 standard.
For vendors, a successful FIPS 140-2 can be validation can be essential to selling their products in US and international markets:
- In the U.S. cryptographic modules shall be FIPS 140-2 validated when cryptography is used by federal government agencies to protect sensitive, but unclassified information (see section 3.2 of the FIPS 140-2 FAQ for details).
- In Canada, the CSE recommends federal agencies use FIPS 140-2 validated cryptographic modules to secure data designated as Protected A or Protected B. Also, FIPS 140 validation is a necessary precursor for a cryptographic product to be listed in the Canadian government’s ITS Pre-qualified Products List (IPPL).
- In the U.K., the Communications-Electronics Security Group (CESG) recommends the use of FIPS 140 validated cryptographic modules.
Achieving validation under FIPS 140-2 can be a challenging undertaking. Selecting an experienced, accredited testing facility can play a key role in ensuring your endeavors are successful, on time and on budget. The EWA-Canada IT Security Evaluation & Test Facility (ITSET) provides a full complement of capabilities that support all facets of the FIPS 140-2 process.
- FIPS 140-2 Pre-Validation Consulting
- FIPS 140-2 Validation and Re-Validation
- Cryptographic Algorithm Validation
- FIPS 140-2 Validation Support
Please Contact Us for further information.