Contents
What are FIPS validated cryptographic algorithms?
The FIPS validated algorithms cover symmetric and asymmetric encryption techniques as well as use of hash standards and message authentication. If a cryptographic module does use algorithms from the NIST FIPS list, the module cannot be considered for validation.
How do I get FIPS validated?
The FIPS validation process In order to become FIPS 140-2 validated or certified, all components of a security solution (both hardware and software) must be tested and approved by one of the following NIST accredited independent laboratories: Advanced Data Security (San Jose, CA)
What are the FIPS levels?
FIPS 140-2 is a standard which handles cryptographic modules and the ones that organizations use to encrypt data-at-rest and data-in-motion. FIPS 140-2 has 4 levels of security, with level 1 being the least secure, and level 4 being the most secure: FIPS 140-2 Level 1- Level 1 has the simplest requirements.
Is the FIPS 140-1 and 140-2 validated modules search?
The FIPS 140-1 and FIPS 140-2 validated modules search provides access to the official validation information of all cryptographic modules that have been tested and validated under the Cryptographic Module Validation Program as meeting requirements for FIPS PUB 140-1 and FIPS PUB 140-2.
When did FIPS PUB 140-2 come into effect?
FIPS 140-2 was signed on May 25, 2001 and became effective November 15, 2001 when Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules was published.
Are there any non FIPS approved algorithms in the CMVP?
The algorithms, protocols, and cryptographic functions listed as “other algorithms” (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. Users in Federal Government organizations are advised to utilize the validated module search to aid in product acquisition.
What does CMVP stand for in FIPS 140-2?
This is intended to provide clarifications of CMVP programmatic guidance, FIPS 140-2, FIPS 140-2 Derived Test Requirements, testing guidance, and guidance related to the implementation of Approved or non-Approved security functions.