We are delighted to announce that Digital Defence has received the FIPS 140-2 accreditation!
WHAT IS FIPS 140-2?
The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government computer security standard for cryptographic modules.
Private sector vendors that collect, store, transfer, share and disseminate sensitive unclassified (SBU) information, seek this information technology security accreditation programme to get their products certified for use in government departments and regulated industries (such as financial and health-care institutions).
WHAT’S ITS PURPOSE?
To coordinate the requirements and standards for cryptography modules that include both hardware and software components.
Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module.
The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module, including:-
- Cryptographic module specification
- Cryptographic module ports and interfaces
- Roles, services, and authentication
- Finite state model
- Physical security
- Operational environment
- Cryptographic key management
- Electromagnetic interference/electromagnetic compatibility (EMI/EMC)
- Design assurance
- Mitigation of other attacks