Federal Information Processing Standards (FIPS) 140-2 is a U.S. standard for the security of cryptographic modules. It includes a broad set of security requirements covering everything from the physical security, cryptographic key management, roles and services, and cryptographic algorithm implementation that must be met before the cryptographic module can be approved as “validated”.
A cryptographic module includes all the hardware, software, and firmware components within a specified boundary that perform cryptographic operations. Examples of cryptographic modules are computer chips, cryptographic cards that go in a server, security appliances, and software libraries. A cryptographic module may, or may not, be the same as a sellable product. For example, a computer server doing cryptographic operations might have an internal crypto card that is the actual FIPS 140-2 validated crypto module.
Why FIPS 140-2 Certification is Important
Government agencies need to be able to trust that the products they purchase are performing cryptographic operations properly and in a secure manor. Rather than have each government agency evaluate each crypto product, the FIPS 140-2 system was implemented so that once a product is FIPS 140-2 validated, government agencies could procure any validated crypto module knowing that is secure.
FIPS 140-2 evaluation is required for sale of products implementing cryptography to the U.S Federal Government. Beyond the U.S. government, any company who has a requirement for HIPAA, FISMA, or FedRAMP requires FIPS 140-2 certification. In addition, the financial community increasingly specifies FIPS 140-2 as a procurement requirement and is beginning to embrace it as a standard for their deployments.
FIPS 140-2 Security Levels
Level 1 provides the lowest level of security and only basic security requirements are specified for a cryptographic module. Level 1 allows software and firmware components of a cryptographic module to be executed on a general purpose computing system using an unevaluated operating system. Most, if not all, software based crypto modules can only achieve a Level 1 certification.
Level 2 enhances the physical security mechanisms of a Level 1 and adds a requirement for tamper evidence. Level 2 requires, at a minimum, role-based authentication.
Level 3 builds upon the physical security mechanisms to ensure a high probability of detecting and responding to tamper attempts. Level 3 also requires identity-based authentication and the entry or output of plaintext ports to be physically separated, or have interfaces that are logically separated using a trusted path.
Level 4 physical security mechanisms provide a complete envelope of protection around the cryptographic module including environmental protections outside of the module’s normal operating range.