Fips pub 1402 provides details about the security requirements for cryptographic modules. I know this is an edge use case for 7zip, i was just wondering if you would be open to the idea patches to link against openssl at compile time. Federal information processing standard fips publication. Netlib securitys cryptographic module offers two forms of encryption, while.
The federal information processing standard 1402 fips 1402 is an information technology security accreditation program for validating that the cryptographic modules produced by private sector companies meet welldefined security standards. When referring to fips 1402 compliance, it is important to distinguish between the securid processor found in all rsa hardware authenticators and the smart chip used specifically in the sid800. Instructions for using sql server 2012 in the fips 1402. Federal information processing standards fips 1402 is part of the 140 publication series issued by the national insttitute of stantards and technology nist. These products provide an option to install the product in fips mode. Fipsvalidated filelevel encryption software government. As with earlier versions of winzip, these modules are not fips 1402 compliant, though they provide fips 197 certified aes. Fips 1402 establishes the cryptographic module validation program cmvp as a. Cryptographic module an overview sciencedirect topics.
A cryptographic module is defined as any combination of hardware, firmware or software that implements cryptographic functions such as encryption, decryption. Current federal information processing standards fips 1402 security requirements for cryptographic modules 01 may 25 supersedes fips pub 1401, 1994 january 11. For a given cryptographic module to be validated as compliant with fips 1402, an organization must submit that module to the cryptographic module validation program cmvp. Testing of cryptographic modules against fips 1402 will end on september 22, 2021. However fips 1402 implementation guide states that des is not approved since may 19, 2007. Alloy navigator family of products uses cryptographic modules and data transmissions protocols that have been validated to meet the fips 1402 standards.
There are four security levels specified in the fips 1402 standard, and for each level there are 11 different areas related to the design and implementation of. A cryptographic module federal government standard. The federal information processing standard fips standard, 1402, is a u. The united states and canadian governments recognize the validation of cryptographic modules against standards like fips 1402 and not the use of. Goanywhere mft provides a fips 1402 compliance mode and when enabled, it only permits the use of fips 1402 compliant ciphers e. No specific physical security mechanisms are required in a security level 1 cryptographic module beyond the basic requirement for productiongrade components. Fips 1402, security requirements for cryptographic. Security level 1 deals with the basic security requirements of the approved cryptographic modules and approved algorithms used for encryption mostly on the software level. The search results list all issued validation certificates that meet the supplied search criteria and provide a link to view more detailed information about each certificate. Validated modules cryptographic module validation program.
The fips 1402 certified algorithms ciphers in goanywhere mft are provided by an embedded rsasecurity module and apply to all ssh and ssl. Encryption is key to keeping sensitive data protected. Fips 1402 encryption software if you are looking to become fips 1402 validated, encryptionizer can get you one step closer. Oracle database uses these cryptographic libraries for secure sockets layer ssl. The federal information processing standard fips publication 1402 fips pub 1402, commonly referred as fips 1402, is a us government computer security standard used to validate cryptographic modules. Standards cryptographic module validation program csrc. Federal information processing standards fips vmware. Microsoft certifies that its cryptographic modules comply with the us federal. Fips background the fips federal information processing standard publication 1402 is a series of standards specified by the united states government for approving cryptographic software. Netlib security s cryptographic module offers two forms of encryption, while simultaneously enabling companies to meet this required standard of security protection issued by fips 1402 validation.
The mccms are used by the following encryption products. Security requirements for cryptographic modules includes. The fips 1402 cryptographic libraries are designed to protect data at rest and in transit over the network. Federal information processing standard fips 1402, security requirements for cryptographic modules affixed. The fips 1401 and fips 1402 validated modules search provides. The fips 1401 and fips 1402 validated modules search provides access to the official validation information of all cryptographic modules that have been tested and validated under the cryptographic module validation program as meeting requirements for fips pub 1401 and fips pub 1402.
Netlib securitys cryptographic module offers two forms of encryption, while simultaneously enabling companies to meet this required standard of security protection issued by fips 1402 validation. Netlib security s cryptographic modules, have been tested and validated against the requirements found in fips pub 1402, security requirements for cryptographic modules by nist. These terms are not recognized or defined government terms. The group identified the four security levels and eleven requirement areas listed above, and specified requirements for each area at each level. And looking at the list of fips140 validated modules i can see. The terms fips 1402 compliant, fips 1402 compliance, and fips 1402compliant mode are defined here for use and clarity. Fips 140 faq, fips pub 1402, cryptographic modules security. Presenting the industrys first digital kvm switch families with embedded fips 1402certified encryption modules.
The fips 1402 standard is an information technology security approval program for cryptographic modules produced by private sector vendors who seek to have their products certified for use in government departments and regulated industries such as financial and healthcare institutions that collect, store, transfer, share and disseminate sensitive but unclassified sbu information. Tripledes cbc is approved, but whether your implementation is certified depends on what testing microsoft had done, and whether you are deploying it according to the criteria specified for those tests. Building a fips compliant version of it on linux is relatively easy, but windows is more difficult. When you configure mobility to require fipscompliant encryption, a mobility server accepts connections only from mobility clients that use any of a list of cryptographic modules specified in the mobility console.
The 140 series is meant to define requirements for cryptographic modules for hardware and software components. However, the first step to ensuring validation is to use algorithms for fips compliance from the approved list. Vmware has validated various cryptographic modules against the fips 1402 standard. Obviously were on our own if we need a tamperproof product. The federal information processing standard fips publication 1402 is a u. The cmvp is a joint effort between the national institute of tandards and s technology and the. When the windows fips 140 compliancy is disabled, winzip uses its own cryptographic modules to provide both aes and zip 2. Fips 1402 is designed specifically for validating software and hardware cryptographic modules, while common criteria is designed to evaluate security functions in it software and hardware products. Fips considerations during setup netmotion software. If a cryptographic module does use algorithms from the nist fips list. The fips pub 1402 security requirements cover 11 areas related to the design and implementation of a cryptomodule. So if you link against openssl in fips mode you can outsource the encryption to that module and gain the certification status.
Encrypting data at rest using fips 1402 cryptographic. There are 4 levels that pertain to fips 1402 compliance ranging from the encryption modules used to the actual physical security to how fips is implemented. The federal information processing standard publication 1402, fips pub 140 2, is a u. Security level 1 security level 1 provides the lowest level of security. There are four qualitative levels of fips validation, levels 1 through 4, which like common criterias eals intend to validate increasingly thorough assurance. Bitlocker can be configured to use only fips 1402 validated cryptographic modules. This standard covers implementations of cryptographic modules including, but not limited to, hardware components or modules, softwarefirmware programs or modules or any combination thereof.
Abstract this federal information processing standard 1402 specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and environments. The cryptographic module validation program cmvp validates cryptographic modules to federal information processing standard fips 1403 and other cryptographybased standards. When mobility is configured to require fips 1402 validated encryption, a mobility server accepts connections only from mobility clients that use any of a list of cryptographic modules specified in the mobility console. The requirement for fipscompliant encryption is set globally, and applies to all. If your software is used as part of a larger product that uses cryptography, then whether it will have an impact on the larger products fips 140 compliance depends on what your software does.
Mcafee has successfully completed the fips 1402 validation process for the mcafee core cryptographic modules mccm. The federal information processing standard publication 1402, fips pub 1402, is a u. Fips 1402 is a set of standards for document processing, encryption. The federal information processing standard fips 1402 is a u. Columbitech mobile vpn the only fips 1402 certified mobile vpn columbitech mobile vpn supports the strongest security measures and uses the advanced encryption standard aes up to 256 bits and 3des 112 bits for. Federal information processing standard fips publication 1402.
In this article, we define fips 1402compliant, fips 1402 compliance, and fips 1402compliant mode to mean that sql server 2008 uses only fips 1402validated instances of algorithms and hashing functions in all instances in which encrypted or hashed data is imported or exported to sql server 2008. The title is security requirements for cryptographic modules. Fips 140 compliant is an industry term for it products that rely on fips. What is fips 1402 and why its important security boulevard. There are fips 1402 libraries available, so a special compiled version can be created that hopefully makes the government auditors happy. For years, it administrators in government and military installations relied on analog solutions to provide secure, bioslevel access to their lab, computer room and data center devices. Common criteria evaluations often rely on fips 1402 validations to provide assurance that basic cryptographic functionality is implemented properly. For many organizations, requiring fips certification at fips 140 level 3 is a good compromise between effective security, operational convenience, and choice in the marketplace. Keep sensitive data secure and meet fips cryptography standards. Are there any fips1402 certified solutions for linux. This federal information processing standard 1402 specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels. The cryptographic module validation program cmvp, a joint effort of the. In fips mode, encryption and decryption are done using only encryption and hashing algorithms that have been validated for compliance with fips 1402 security requirements for cryptographic modules by the nist.
A cryptographic module is defined as any combination of hardware, firmware or software that implements cryptographic functions such as encryption, decryption, digital signatures, authentication techniques and random number generation. Theres a difference between fips 1402 approved ciphers and fips 1402 certified implementations. Basic security requirements are specified for a cryptographic module e. Some form of physical data protection, involving disk encryption and physical tamper evident packaging. Fips 1402 requires that any hardware or software cryptographic. The fips 1402 standard specifies and validates the cryptographic and operational requirements for.
Administrators can use the pkware enterprise manager to set defaults for all users and enforce the use of fips mode wherever necessary. If your software isnt a cryptographic module, fips 140 is irrelevant. The fips 1402 standard technically allows for softwareonly implementations at level 3 or 4, but applies such stringent requirements that none have been validated. Ensure fips 1402 validated cryptographic modules are installed. Fips 1402 is a nist standard that specifies requirements for cryptographic modules. A fips validation ensures that the cryptographic module has been tested and meets the highest security requirements.
Fips 1402 compliant terminal emulator rocket software. Fips 140 validation windows security microsoft docs. This cryptographic standard is often mandatory for government and military processes. As of february 2020, two revised editions of fips 140 are approved for testing available cryptographic modules for government use, fips 1402 and fips 1403. The downside of openssl is the lack of a userfriendly turnkey operation.