NetLib News

NIST FIPS 140-2
Monday, September 14, 2009

Introduction

In 1994, the National Institute of Standards and Technology (NIST) published FIPS 140, a standard that serves as the “Good Housekeeping Seal of Approval” for cryptographic modules.  A module validated against the current revision, FIPS 140-2, has been independently tested and shown to meet the standard's requirements for protecting the keys and data it handles.  The U.S. federal government, many state and local governments, some foreign governments and a large part of the financial services sector require FIPS 140-2 validation for the cryptography they buy.  NIST, working with the Communications Security Establishment Canada (CSEC), runs the Cryptographic Module Validation Program (CMVP) to oversee the process.  Through a network of accredited private laboratories, the CMVP tests vendors' modules to confirm that they comply with FIPS 140-2.  The standard defines a broad set of criteria that a module must be shown to meet before it can be validated, organized into four security levels, numbered 1 to 4, with Level 4 the most demanding.  Two points are worth keeping in mind when reading a validation certificate: it covers the specific module, version and configuration that were tested, not every product that embeds it, and at Level 1 the physical-security requirements are minimal, so a software library running on a general-purpose computer can be validated.  As the brief description of the criteria that follows shows, the process is thorough and rigorous.

Cryptographic Module Specifications

This section of the standard requires the vendor to define the module's cryptographic boundary and document everything inside it: the hardware, software and firmware components, the physical layout, the input and output paths, buffers, processors and so on, together with the approved security functions and modes of operation the module supports.  Components that lie outside the boundary, and therefore outside the validation, must also be identified, with a rationale for excluding them.

Cryptographic Module Ports and Interfaces

The documentation must describe the module's physical ports and its four logical interfaces: data input, data output, control input and status output.  To be validated, the documentation must show how the module's design keeps these interfaces logically distinct, how data output is inhibited while self-tests run and while the module is in an error state, and, at Levels 3 and 4, how the port used to enter or output plaintext key components is physically separated from the other ports (or reached over a trusted path).

Roles, Services and Authentication

This section of the documentation demonstrates how the module separates and manages the roles of user, crypto officer and, where one exists, maintenance operator; which services each role may invoke; and how operators are authenticated, so that keys and cryptographic services are available to authorized personnel only.  The authentication requirement grows with the level: Level 1 requires none beyond selecting a role, Level 2 requires role-based authentication, and Levels 3 and 4 require identity-based authentication of each operator.

Finite State Model

This section requires a finite state model of the module: every operational and error state it can be in, such as power off, power on, crypto officer and user states, key entry, self-test and error states, together with the events that cause each transition between them.  The point is that the module's behavior is completely specified, leaving no undocumented state in which, for example, keys could be output or data processed before the self-tests have passed.

Operational Environment

If the module's operational environment (typically the operating system it runs on) can be modified by an operator or by another process or program, the environment is considered modifiable and additional requirements apply, and they become more stringent as the security level rises.  At Level 1 the module must be restricted to a single operator at a time and its software protected by an approved integrity technique; at Level 2 and above the standard, as written, calls for an operating system evaluated under the Common Criteria, with the required assurance level rising at each step.

Cryptographic Key Management

A key that too many people know is no longer a secret.  FIPS 140-2 covers the whole life cycle of cryptographic keys and other critical security parameters (CSPs): random number generation, key generation, key establishment and distribution, entry and output, storage, and zeroization (destruction), and it sets requirements intended to keep keys out of the hands of unauthorized personnel.  Every level requires a way to zeroize all plaintext keys and CSPs; at Levels 3 and 4, in addition, plaintext keys may not simply be typed in or read out but must be entered and output in encrypted form or through split-knowledge procedures.
 
Self Tests

FIPS 140-2 requires the module to test itself.  Power-up self-tests run every time the module starts: an integrity test on its software and firmware (an approved MAC or digital signature over the code) and a known-answer test for each approved algorithm, in which the module runs the algorithm on a fixed input and compares the result with a stored expected output.  Conditional self-tests run when a particular operation is invoked, for example a pairwise consistency test whenever a key pair is generated, a continuous test on the random number generator, and a load test before new software or firmware is accepted.  If any test fails, the module must enter an error state, indicate it through the status output, and stop performing cryptographic operations and outputting data until it is reset or otherwise recovers.
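As an added example (not code from the original article, and not NetLib's or any validated module's code), the following Python sketch ties together the Finite State Model, Roles and Services, Key Management and Self Tests sections above: a toy module that runs a firmware integrity test and known-answer tests at power-up, refuses every service outside the operational state, gates each service by role, zeroizes its key on request, and performs a conditional load test before accepting new firmware.  The firmware image, integrity key and session key are constructed samples; the known-answer values are the public SHA-256 and RFC 4231 HMAC test vectors.

```python
# Toy sketch of the FIPS 140-2 pattern described above: finite state model, power-up
# self-tests, role-gated services, zeroization and a conditional firmware-load test.
# Illustrative only: not a validated module, and every key below is a constructed sample.
import hashlib
import hmac
from enum import Enum

class State(Enum):
    POWER_OFF = "power_off"
    SELF_TEST = "self_test"        # data output inhibited
    OPERATIONAL = "operational"    # services available to authorised roles
    ERROR = "error"                # data output inhibited until power cycle

class Role(Enum):
    USER = "user"
    CRYPTO_OFFICER = "crypto_officer"

class ModuleError(Exception):
    """A service was refused because of the module's state or the caller's role."""

KATS = [  # public known-answer vectors: FIPS 180-4 SHA-256("abc"), RFC 4231 HMAC test case 2
    ("kat-sha256", lambda: hashlib.sha256(b"abc").hexdigest(),
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    ("kat-hmac-sha256", lambda: hmac.new(b"Jefe", b"what do ya want for nothing?",
                                         hashlib.sha256).hexdigest(),
     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
]

# Constructed sample firmware and keys (hypothetical, deliberately not secret).
INTEGRITY_KEY = b"example-firmware-integrity-key"
FIRMWARE_IMAGE = b"toy-module-firmware-v1"
FIRMWARE_MAC = hmac.new(INTEGRITY_KEY, FIRMWARE_IMAGE, hashlib.sha256).hexdigest()  # set at build time
SESSION_KEY = b"Jefe"  # the module's CSP; "Jefe" so the RFC 4231 vector also checks the mac service

class ToyModule:
    def __init__(self, firmware, firmware_mac, integrity_key, session_key):
        self.state = State.POWER_OFF
        self.firmware, self.firmware_mac = firmware, firmware_mac
        self.integrity_key, self.session_key = integrity_key, session_key
        self.failed_test = None

    def power_on(self):
        """Finite state model: POWER_OFF -> SELF_TEST -> OPERATIONAL or ERROR."""
        self.state = State.SELF_TEST
        if self._firmware_integrity_test() and self._algorithm_kats():
            self.state = State.OPERATIONAL
        else:
            self.state = State.ERROR
        return self.state

    # Power-up self-tests: software/firmware integrity first, then one KAT per algorithm.
    def _firmware_integrity_test(self):
        mac = hmac.new(self.integrity_key, self.firmware, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, self.firmware_mac):
            self.failed_test = "firmware-integrity"
            return False
        return True

    def _algorithm_kats(self):
        for name, run, want in KATS:
            if run() != want:
                self.failed_test = name
                return False
        return True

    # Every service passes through one gate: correct state first, then authorised role.
    def _authorise(self, role, allowed):
        if self.state is not State.OPERATIONAL:
            raise ModuleError(f"service refused: module is in state {self.state.value}")
        if role not in allowed:
            raise ModuleError(f"role {role.value} may not invoke this service")

    def mac(self, role, data):
        """User service: HMAC-SHA-256 under the module's session key."""
        self._authorise(role, {Role.USER, Role.CRYPTO_OFFICER})
        if self.session_key is None:
            raise ModuleError("session key has been zeroized")
        return hmac.new(self.session_key, data, hashlib.sha256).hexdigest()

    def zeroize(self, role):
        """Crypto-officer service: destroy the CSP (a real module overwrites the key storage)."""
        self._authorise(role, {Role.CRYPTO_OFFICER})
        self.session_key = None

    def load_firmware(self, role, image, image_mac):
        """Crypto-officer service with a conditional self-test (software/firmware load test)."""
        self._authorise(role, {Role.CRYPTO_OFFICER})
        want = hmac.new(self.integrity_key, image, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, image_mac):
            self.failed_test = "firmware-load"
            self.state = State.ERROR       # bad image: refuse it and stop serving
            return False
        self.firmware, self.firmware_mac = image, image_mac
        return True

def refused(service, *args):
    """True if the module refuses the call, i.e. raises ModuleError."""
    try:
        service(*args)
        return False
    except ModuleError:
        return True
```

To drive it, construct ToyModule(FIRMWARE_IMAGE, FIRMWARE_MAC, INTEGRITY_KEY, SESSION_KEY), call power_on(), and then invoke mac(), zeroize() or load_firmware() with a Role; constructing it with a tampered image (for example FIRMWARE_IMAGE + b"-tampered") makes power_on() return State.ERROR with failed_test set to "firmware-integrity", after which every service is refused.  The structure, not the toy algorithms, is the point: each externally reachable service goes through one gate that checks state before role, and a failed test leaves the module with nothing to offer but its status.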

Summary

Using encryption products built on modules that meet a strict standard such as FIPS 140-2 simply makes good sense.  The total cost of a data security breach can easily exceed $200 per record and bring enormous legal and public relations consequences.  In addition, using a FIPS 140-2 validated product opens you up to more than $100 billion in potential business.  And, finally, you gain a certain amount of peace of mind, knowing that when your phone rings at three in the morning, it's probably just a wrong number.