The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in. FIPS (Federal Information Processing Standard) is the benchmark for validating the effectiveness of cryptographic hardware. If a product has a FIPS You need to know if Symantec Endpoint Encryption(SEE) and/or Guardian Edge Hard Drive (GEHD) encryption is a validated FIPS and/or
|Published (Last):||9 July 2006|
|PDF File Size:||18.56 Mb|
|ePub File Size:||17.91 Mb|
|Price:||Free* [*Free Regsitration Required]|
Darren Moffat, Oracle Solaris.
The use of validated cryptographic modules is required by the United States Government for all unclassified uses of cryptography. In addition to the specified levels, Section 4. Learn how and when to remove these template fps.
Computer security standards Cryptography standards Standards of the United States. This article relies too much on references to primary sources.
FIPS What Is It & How to Get Validated – Corsec
This article includes a list of referencesbut its sources remain unclear because it has insufficient inline citations. Sign up using Email and Password. A module that is FIPScompliant is not more secure than a module that is FIPScompliant, it is only more up-to-date in the certification process. The requirements cover not only the cryptographic modules themselves but also their documentation and at the highest security level some aspects of the comments contained in the source code.
I tried googling for this info but it’s not easily available because FIPS is now really old. You can no longer have a product validated under FIPSbecause it is no longer a current standard. August Learn how and when to remove this template message.
The result may fipe that validated software is less safe than a non-validated equivalent. Email Required, but never shown. Home Questions Tags Users Unanswered. The -1 or -2 part is a version number.
FIPSissued on 25 Maytakes account of changes in available technology and official standards sinceand of comments received from the vendor, tester, and user communities.
Views Read Edit View history. FIPS does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure.
Fip Government of Canada also recommends the use of FIPS validated cryptographic modules in unclassified applications of its departments. Please improve this by adding secondary or tertiary sources. It does not specify in detail what level of security is required by any particular application. FIPS is a new version of the standard which is currently under development. Please help improve this article by adding citations to reliable sources.
Retrieved from ” https: 14-01 are 4 steps, not 8 — it’s 1140-1 that the requirements for climbing those steps were tweaked. January Learn how and when to remove this template message. Due to the way in which the validation process is set up, a software vendor is required to re-validate their FIPSvalidated module for every change, no matter how small, to the software; this re-validation is required even for obvious bug or security fixes.
Is Symantec Endpoint Encryption a validated FIPS 140-1 and FIPS 140-2 Cryptographic Module?
Since validation is an expensive process, this gives software vendors an incentive to postpone changes to their software and can result in software that does not receive security updates until the next validation. Please help improve it or discuss these issues on the talk page.
July Learn how and when to remove this template message.