The Federal Information Processing Standardization 140 (FIPS 140) is a security standard used by the United States federal government for cryptographic modules. FIPS 140 defines the requirements for cryptographic modules to be used in federal government systems.
FIPS 140-2 is the most recent version of the standard, and was published in 2001. It replaces FIPS 140-1, which was published in 1994.
FIPS 140-2 defines four levels of security, from Level 1 (the lowest) to Level 4 (the highest). Level 1 requires that the module provide basic security features, while Level 4 requires that the module provide extensive security features.
Most federal government systems use cryptographic modules that meet at least Level 2 security.
What is the purpose of FIPS 140-2?
FIPS 140-2 is a U.S. federal government standard that defines requirements for cryptographic modules. Cryptographic modules are used to protect sensitive data and ensure the integrity of communications. The standard is used by government agencies and contractors to assess the security of cryptographic modules.
FIPS 140-2 defines four levels of security, ranging from level 1 (the lowest) to level 4 (the highest). The security level of a cryptographic module is determined by the capabilities of the module and the security controls in place.
Level 1:
The cryptographic module must implement one or more approved security functions, and must meet basic security requirements.
Level 2:
In addition to the requirements of level 1, the cryptographic module must have tamper-detection and tamper-prevention mechanisms.
Level 3:
In addition to the requirements of level 2, the cryptographic module must have physical security mechanisms to prevent unauthorized access.
Level 4:
In addition to the requirements of level 3, the cryptographic module must have robust security mechanisms to resist physical tampering.
What is the difference between FIPS 140-2 and 140 3?
The Federal Information Processing Standard (FIPS) 140-2 is a U.S. government standard that specifies the requirements for cryptographic modules used within other security systems to protect sensitive data.
The standard was first published in 2001, and was last updated in 2008. FIPS 140-2 is currently being phased out by its successor, FIPS 140-3, which was published in May 2018.
The major difference between the two standards is that FIPS 140-3 introduces new requirements for cryptographic modules to provide additional protections against physical attacks. FIPS 140-3 also contains new provisions for the use of cryptographic modules in virtualized and cloud environments. Is FIPS 140-2 NSA approved? The National Security Agency (NSA) does not approve products for compliance with FIPS 140-2. The NSA does, however, use products that have been validated as compliant with FIPS 140-2 by the National Institute of Standards and Technology (NIST).
What are the 4 levels of FIPS?
There are four levels of FIPS certification:
1. FIPS Level 1 is the lowest level of FIPS certification. It requires that the cryptographic module meet basic security requirements.
2. FIPS Level 2 adds requirements for cryptographic module integrity and tamper-resistance.
3. FIPS Level 3 adds requirements for physical security.
4. FIPS Level 4 is the highest level of FIPS certification. It adds requirements for cryptographic module robustness and fault tolerance.
What is the purpose of FIPS?
The purpose of FIPS is to ensure that information and communication systems used by the federal government are secure. FIPS provides guidance on how to protect information and communication systems from unauthorized access, use, disclosure, interception, or destruction.