[FDE] How important is FIPS 140-2 Level 1 cert
mr carboni
sec1nfo at yahoo.com
Tue Dec 26 20:10:10 MST 2006
Hello -
The way I've understood it is the FIPS 140-2 level 'X' is Mandated towards the USA Financial and now US Gov markets <recongnized in EU and AU>. It is a detailed standard that ensures Crypto products can do what they state - but still only 'required' in the US market. The International Community is now relying on CC (common criteria) for a wider range of Evaluation Assured Levels.
So to answer the original question - the FIPS 140-2-L2 product underwent a more stringent set of testing - so go for that product. But also look for other Certifications
here is a tid-bit from Corsec:
http://www.corsec.com/docs.php
There are three different validations that products can receive:
The International Common Criteria for Information Security Technology Evaluation Mutual Recognition Arrangement;
The National Security Agency (NSA)/National Institute of Standards and Technology (NIST) National Information Assurance Partnership (NIAP) Evaluation and Validation Program; or
The NIST Federal Information Processing Standard (FIPS) validation program.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.xml-dev.com/pipermail/fde/attachments/20061226/5306a139/attachment.html
More information about the FDE
mailing list