FIPS 140-2: Frequently Asked Questions
1. What is FIPS 140-2?
FIPS 140-2 is a Federal Information Processing Standard that spells out the cryptographic requirements for products used in the Federal Government.
2. What is the CMVP?
The CMVP is a joint American and Canadian cryptographic module validation program that determines FIPS 140-2 compliance of a product. The product is tested by COACT and validated by the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE).
3. What is the validation process?
COACT will assist you in determining if your product and its accompanying documentation are likely to be FIPS compliant. If we feel that your product is not yet ready for validation testing, we will help you determine what the appropriate steps are to prepare for validation testing. Once your product is ready, COACT performs the tests and generates vectors for all algorithms that are tested. We request that your product be listed on the pre-validation list (if desired). We then document the test results and formally submit them to the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE). The submission is then reviewed and commented on by NIST and CSE. COACT responds to the comments, and when NIST and CSE are satisfied that the requirements have been met, a validation certification is awarded. When a certificate is issued, it is sent to COACT and we then forward it to you. The certificate and Security Policy are posted to the NIST website at http://csrc.nist.gov/cryptval/welcome.html.
4. How do I know if I need FIPS?
The best measure of this is to know your target market’s requirements and, of course, your competitors’ activities. FIPS has been a requirement for Federal Government cryptographic users since 1995.
5. How do I know if my product is compliant?
Unless you have designed your product to the FIPS 140-2 standard, it may not be FIPS compliant. This is why COACT is engaged at an early stage to help you determine compliance. COACT assists with all aspects of the validation to help your product achieve a FIPS 140-2 certificate.
6. What algorithms should I pick?
There are specific algorithms that are FIPS Approved algorithms. These are validated separately or in conjunction with the FIPS 140-2 validation.
There are also algorithms allowed for use in FIPS mode, such as Diffie-Hellman key exchange, RSA or ECC keys for key wrapping. COACT will assist you in determining what algorithms are required for your validation.
7. Do I have to revalidate if I change my cryptographic module?
Yes. There are different revalidations depending on the types of changes to the cryptographic module. COACT will help you with the revalidation that is most effective for your cryptographic module.
8. How long will it take?
If the cryptographic module and documentation evidence meet the requirements, FIPS testing can be performed by COACT in 1 to 2 months.