Federal Information Processing Standards (FIPS)
Federal Information Processing Standards (FIPS) are a series of standards, outlining the requirements that IT products must satisfy, to be acceptable for use by US Federal government agencies and contractors. Developed by the National Institute of Standards for Technology (NIST), the process of FIPS validation ensures that technology products are rigorously tested and deemed sufficiently secure enough to deal with sensitive data.
There are a number of different FIPS standards including 186-2 – Digital Signature Standard, 190 – Guideline For The Use Of Advanced Authentication Technology Alternatives, 197 – AES etc. but by far the most significant standard in terms of secure data transfer is FIPS 140.
FIPS 140 defines the requirements and standards that must be met by cryptographic modules (components) used in computer hardware and software solutions. As IT solutions are used in different departments and environments, the scope of cryptographic requirements imposed by FIPS has been broken down into eleven distinct areas and four increasing, qualitative security levels. They are as follows:
- Cryptographic module specification (what must be documented).
- Cryptographic module ports and interfaces (what information flows in and out, and how it must be segregated).
- Roles, services and authentication (who can do what with the module, and how this is checked).
- Finite state model (documentation of the high-level states the module can be in, and how transitions occur).
- Physical security (tamper evidence and resistance, and robustness against extreme environmental conditions).
- Operational environment (what sort of operating system the module uses and is used by).
- Cryptographic key management (generation, entry, output, storage and destruction of keys).
- EMI/EMC (electromagnetic interference/electromagnetic compatibility).
- Self-tests (what must be tested and when, and what must be done if a test fails).
- Design assurance (what documentation must be provided to demonstrate that the module has been well designed and implemented).
- Mitigation of other attacks (if a module is designed to mitigate against, specific attacks then its documentation must say how).
What are the implications of FIPS in terms of File Transfer?
If you are purchasing a FIPS accredited solution, you can rest assured the product has been rigorously tested and is physically secure enough to protect your sensitive data.
Our specialists at Pro2col can help you to source and implement a FIPS accredited, secure file transfer solution to suit your business requirements. Please contact Pro2col on 0333 123 1240 for more information.