The National Institute of Standards and Technology (NIST), the agency that governs FIPS 140-2 validations in the United States, periodically releases updates and revisions to the Implementation Guidance (IG) used to evaluate products against FIPS 140-2 requirements. Earlier this month, NIST released a number of new revisions.

The latest December changes include updates to:

- Revalidation Requirements
- Instructions for Validation Information Formatting
- Limiting the Use of FIPS 186-2
- Acceptable Algorithms for Protecting Stored Keys and CSPs
- Entropy Estimation and Compliance with SP 800-90B
- Continuous Random Number Generator Tests
- Pair-Wise Consistency Self-Test When Generating a Key Pair
- Use of non-NIST-Recommended Asymmetric Key Sizes and Elliptic Curves
- Key/IV Pair Uniqueness Requirements from SP 800-38D
- Use of Truncated HMAC
- Approved Modulus Sizes for RSA Digital Signature and Other Approved Public Key Algorithms
- CAVP Requirements for Vendor Affirmation to SP 800-56A Rev3 and the Transition from the Validation to the Earlier Versions of This Standard
- Acceptable Key Establishment Protocols
- Assurance of the Validity of a Public Key for Key Establishment
- Requirements for Vendor Affirmation to SP 800-133
- Elliptic Curves and the MODP Groups in Support of Industry Protocols

Previous IG updates from this year included:

- October: Operational Equivalency Testing for HW Modules
- August: Limiting the Use of FIPS 186-2, Revalidation Requirements, Known Answer Tests for Cryptographic Algorithms, Key Agreement Methods, and Requirements for Vendor Affirmation of SP 800-56C
- May: Entropy Estimation and Compliance, Instructions for Validation Information Formatting, Entropy Caveats, and Entropy Assessment
- February: Enforcement of the Trusted Path by applying cryptographic protection

The current Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program can be found here.

About FIPS 140-2

FIPS 140-2 is a joint effort by the National Institute of Standards and Technology (NIST) in the United States, and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140-2. Product vendors are required to complete validation testing of FIPS-approved and NIST-recommended cryptographic algorithms and their individual components.

FIPS 140-2 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency. FIPS is mandated by law in the U.S. and very strictly enforced in Canada; it is also currently being reviewed by ISO to become an international standard. FIPS 140-2 is gaining worldwide recognition as an important benchmark for third-party validations of encryption products of all kinds. A FIPS 140-2 validation of a product provides end users with a high degree of product security, assurance, and dependability.

About Corsec Security, Inc.

For two decades Corsec has assisted companies through the IT security certification process for FIPS 140-2, Common Criteria (CC) and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com