The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in. FIPS (Federal Information Processing Standard) is the benchmark for validating the effectiveness of cryptographic hardware. If a product has a FIPS You need to know if Symantec Endpoint Encryption(SEE) and/or Guardian Edge Hard Drive (GEHD) encryption is a validated FIPS and/or
|Genre:||Health and Food|
|Published (Last):||22 September 2008|
|PDF File Size:||1.35 Mb|
|ePub File Size:||17.80 Mb|
|Price:||Free* [*Free Regsitration Required]|
A module that is FIPScompliant is not more secure than a module that is FIPScompliant, it is only more up-to-date in the certification process. Computer security standards Cryptography standards Standards of the United States.
Email Required, but never shown. Post as a guest Name. Please help improve this article by adding citations to reliable sources. Sign up using Email and Password.
Is Symantec Endpoint Encryption a validated FIPS 140-1 and FIPS 140-2 Cryptographic Module?
This page was last edited on 12 Marchat 140–1issued on 11 Januarywas developed by a government and industry working group, composed of vendors and users of cryptographic equipment.
Is Symantec Endpoint Encryption a validated FIPS and FIPS Cryptographic Module?
This article 1400-1 too much on references to primary sources. There are 4 steps, not 8 — it’s just that the requirements for climbing those steps were tweaked. From Wikipedia, the free encyclopedia. Sign up or log in Sign up using Google.
You can no longer have a product validated under FIPSbecause it is no longer a current standard. Darren Moffat, Oracle Solaris. The fops identified the four “security levels” and eleven “requirement areas” listed above, and specified requirements for each area at fipx level. FIPS is a new version of the standard which is currently under development. For Levels 2 and higher, the operating platform upon which the validation is applicable is also listed. July Learn how and when to remove this template message.
public key infrastructure – FIPS and FIPS – Information Security Stack Exchange
Please help to improve this article fps introducing more precise citations. Retrieved from ” https: I tried googling for this info but it’s not easily available because FIPS is now really old. FIPS does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure.
Home Questions Tags Users Unanswered. The Government of Canada also recommends the use of FIPS validated cryptographic modules in unclassified applications of fpis departments. Articles lacking in-text citations from July All articles lacking in-text citations Articles needing additional references from August All articles needing additional references Articles lacking reliable references from January All articles lacking reliable references Articles with multiple maintenance issues Articles containing potentially dated statements from December All articles containing potentially dated statements.
Vendors do not always maintain their baseline validations. In addition to the specified levels, Section 4. Unsourced material may be challenged and removed. This article includes a list of referencesbut its sources remain unclear because it has insufficient inline citations.
Please improve this by adding secondary or tertiary sources. January Learn how and when to remove this template message. The result may be that validated software is less safe than a non-validated equivalent. Please help improve it or discuss these issues on the talk page. Learn how and when to remove these template messages. The use of validated cryptographic modules is required by the United States Government for all unclassified 1401 of cryptography. The draft issued on 11 Sephowever, 1440-1 to four security levels and limits the security levels of software to levels 1 and 2.
The -1 or -2 part is a version number. It does not specify in detail what level of security is required by any particular application.
1400-1 validation is an expensive process, this gives software vendors an incentive to postpone changes to their software and can result in software that does not receive security updates until the next validation.