Tuesday, November 29, 2011

The Uplogix Platform & FIPS 140-2 Compliance

FIPS guidelines prevent unauthorized physical
access to critical security parameters
Recently at Uplogix we've had expanded interest in FIPS 140-2 compliance from outside the federal market as an even more secure version of the local management platform. The Federal Information Processing Standard (FIPS) Publication 140-2 is a computer security standard issued by the National Institute of Standards and Technology (NIST) to accredit cryptographic modules for government computing platforms.

Uplogix meets the requirements for FIPS 140-2 Level 2 certification and is in-process with NIST.

The enhancements made to the already-significant security features in the Uplogix Local Management Platform meet or exceed government standards for the protection of data and information captured and stored by Uplogix Local Managers (LMs).

Software enhancements for FIPS
Most of the differences between a standard Uplogix LM and a FIPS compliant device is in the operating software with some alterations to Roles, Services and Authentication procedures as well as rules for security policy.

A default Uplogix LM ships with the Admin and Guest roles. During FIPS initialization, a third role is created to allow operators the ability to Factory Reset, or zeroize the system. In FIPS mode, the Admin and Factory Reset roles are assigned to the Crypto Officer.

Additional security rules are implemented in FIPS mode by the Crypto Officer to confirm to FIPS 140-2. In FIPS mode, the Uplogix LM operates with specific security rules to ensure secure communication with administrators as well as the Uplogix Control Center using FIPS-compliant algorithms.

Hardware differences from standard Uplogix Local Managers
Additional improvements to the physical device itself include tamper-evident labels (TELs), visual obstructions and solid state onboard storage. The TELs indicate that someone has attempted to dismantle the LM, or in addition in the case of the Uplogix 430, access the device using the console connection.

The onboard storage differs by LM model:
  • Uplogix 430 LM, 8GB Compact Flash Card
  • Uplogix 3200 LM, 40GB SATA Solid State Drive