What is FIPS certification?
- Computer Security Division at NIST maintains cryptographic standards such as FIPS, and coordinates Cryptographic Module Validation (CMV) Program for testing for cryptographic modules and algorithms.
- Security requirements cover 11 areas related to the design and implementation of a cryptographic module (FIPS PUB 140-2, Security Requirements for Cryptographic Modules (PDF file, KB)).
- Cryptographic module receives a security level rating (1-4, from lowest to highest).
- ITSEC and Common Criteria certification increasingly accepted as internationalization" of FIPS 140-2 program.
Where is FIPS certification required?
- FIPS standard is requirement for all US federal agencies that use cryptographic-based security systems to protect information in computer and telecommunication systems
- Also important to Canadian Government and many NATO-country governments in Europe
