Contents
What are the security requirements for FIPS 140-2?
See FIPS 140-3 Development for more details. This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and environments.
What does RFG stand for in FIPS 140-2?
Clear indication of whether the RFG is PROPRIETARYor NON-PROPRIETARY, 2. A descriptive title, 3. Applicable statement(s) from FIPS 140-2, 4. Applicable assertion(s) from the FIPS 140-2 DTR, 5. Applicable required test procedure(s) from the FIPS 140-2 DTR, 6.
Who is under contract for FIPS 140-2 or algorithm testing?
Vendors who are under contract with a CST laboratory for FIPS 140-2 or algorithm testing of a particular implementation(s) must contact the contracted CST laboratory for any questions concerning the test requirements and how they affect the testing of the implementation(s).
What does CMVP stand for in FIPS 140-2?
The CMVP validates the test results of National Voluntary Laboratory Accreditation Program (NVLAP) accredited Cryptographic and Security Testing (CST) Laboratories which test cryptographic modules for conformance to Federal Information Processing Standard Publication (FIPS) 140-2, Security Requirements for Cryptographic Modules.
Is the SMB3 operating system compliant with FIPS 140?
SMB3 can be FIPS 140 compliant, if Windows is configured to operate in FIPS 140 mode on both client and server. In FIPS mode, SMB3 relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations. The following tables identify the cryptographic modules used in an operating system, organized by release.
When does Microsoft undertake a FIPS 140 validation?
Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors. When does Microsoft undertake a FIPS 140 validation?
What is the Federal Information Processing Standard 140-2?
The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products.
When was FIPS 140-2 signed by NIST?
FIPS 140-2 was signed in 2001. Originally, it was planned to revise the standard every five years. But there have been so many delays that NIST is planning to skip FIPS 140-3 altogether, and go straight to FIPS 140-4, though there is no firm date.
Which is the latest version of the FIPS certificate?
Windows 10 Spring 2018 Update (Version 1803) Cryptographic Module FIPS Certificate # Cryptographic Primitives Library #3197 Kernel Mode Cryptographic Primitives Lib #3196 Code Integrity #3195 Windows OS Loader #3480