What is FIPS 140-2?
The Federal Information Processing Standard Publication 140-2, is a U.S. government computer security standard used to approve cryptographic modules. It is published by the U.S. National Institute of Standards and Technologies (NIST) and is a security standard recognized by the U.S. and Canadian governments, as well as the European Union. It is often a specification that a security solution needs to meet for some of the more security-conscious organizations globally.
What does it mean to be FIPS 140-2 Certified/Validated?
To be FIPS 140-2 certified or validated, the software (and hardware) must be independently validated by one of 13 NIST specified laboratories, this process can take weeks. The FIPS 140-2 validation process examines the cryptographic modules. Level 1 examines the algorithms used in the cryptographic component of the software. Levels 2-4 build on the software component by adding different layers of physical security. The YubiKey FIPS Series meets Level 3 requirements (AAL3) which means that the code is within a tamper-proof container so that keys used in the cryptography are destroyed if the device is physically compromised.
Why is the FIPS standard important?
The government benchmark for security is FIPS 140-2. Being FIPS 140-2 certified tells users that a certain product has passed the rigorous testing and validations that go into securing some of the nation’s most sensitive information. Originally adopted in the US, FIPS is also making its way to other countries as well like Canada and Japan.
Other than government do any other industries use FIPS 140-2?
Healthcare, protected health information (PHI) for patients deserves the highest level of data privacy
Financial services, in order to meet compliance regulations and security audits, strong MFA of users is needed to secure data.
Manufacturing, there are some government regulations regarding data that manufacturing industries to be sensitive too