Wednesday, October 12, 2011

What exactly is FIPS 140-2 compliance?

The Federal Information Processing Standard (FIPS) Publication 140-2 is a computer security standard issued by the National Institute of Standards and Technology (NIST) to accredit cryptographic modules for government computing platforms.

Uplogix provides solutions for federal networks with products that are FIPS-140-2 compliant and in-process with NIST.
The requirements include both hardware and software components and a validation program to ensure that federal agencies and departments are using more secure systems and networks. For non-governmental users, FIPS standards ensure stronger products. In industries like finance and health care, the penalties for data that isn't secure are severe, and utilizing FIPS certified devices is a critical part of the network architecture.

There are four security levels defined in FIPS 140-2:

  • Level 1 | The lowest security level, has basic requirements for a cryptographic module.
  • Level 2 | Adds physical security requirements to Level 1 to show evidence of tampering and discourage unauthorized physical access to critical security parameters (CSPs) within the cryptographic module.
  • Level 3 | This level goes being discouraging unauthorized physical access to include strong enclosures and tamper detection/response circuitry that erases data within CSPs when the module is opened.
  • Level 4 | Designed for physically unprotected environments, requirements at this level provide a complete envelope of protection to detect and respond to unauthorized attempts at phyical access, including environmental changes or attacks designed to thwart the cryptographic module's defenses.
Uplogix Appliances and the FIPS 140-2 Standard
With the RMOS v4.3 release, Uplogix meets the requirements for FIPS 140-2 Level 2 certification from NIST. The enhancements made in the release to the already-significant security features in RMOS meet or exceed government standards for the protection of data and information captured and stored by Uplogix appliances.

Additional improvements to the physical appliance itself include tamper-evident seals and visual obstructions.

FIPS 140-2 compliance is not very common in the network management space. The stringent security features of the Uplogix platform simplified the enhancements required for FIPS 140-2 Level 2 final certification, which is expected in the coming months.