[FDE] How important is FIPS 140-2 Level 1 cert
Bryan Glancey
bryan at mobilearmor.com
Wed Dec 27 05:37:05 MST 2006
FIPS 140-2 Level one (which is the highest software level that does not
require specification of hardware) is required for all US government.
More official information regarding FIPS can be found at:
http://csrc.nist.gov/cryptval/
Common Criteria is also highly desired at a level of at least EAL 3
with a strong preference for EAL 4 (which is the highest
internationally recognized certification level).
More official information regarding Common Criteria can be found at:
http://www.commoncriteriaportal.org/
If you are interested in the financial area, the corresponding
certification of interest is the BITS certification - which corresponds
to the Common Criteria certification. More information can be found at:
http://www.bitsinfo.org/index.html
Mobile Armor
Bryan E. Glancey
Co - Founder & Chief Technology Officer
bryan at mobilearmor.com
400 South Woods Mill Rd.
Suite 110
Chesterfield, MO 63017
tel: 877-276-6778
fax: 877-277-7369
mobile: 314-495-2048
http://www.mobilearmor.com/
------------------------------------
________________________________
From: fde-bounces at www.xml-dev.com [mailto:fde-bounces at www.xml-dev.com]
On Behalf Of mr carboni
Sent: Tuesday, December 26, 2006 9:10 PM
To: fde at www.xml-dev.com
Subject: Re: [FDE] How important is FIPS 140-2 Level 1 cert
Hello -
The way I've understood it is the FIPS 140-2 level 'X' is Mandated
towards the USA Financial and now US Gov markets <recognized in EU and
AU>. It is a detailed standard that ensures Crypto products can do what
they state - but still only 'required' in the US market. The
International Community is now relying on CC (common criteria) for a
wider range of Evaluation Assured Levels.
So to answer the original question - the FIPS 140-2-L2 product underwent
a more stringent set of testing - so go for that product. But also
look for other Certifications.
Here is a tidbit from Corsec:
http://www.corsec.com/docs.php
There are three different validations that products can receive:
* The International Common Criteria for Information Security Technology
Evaluation Mutual Recognition Arrangement;
* The National Security Agency (NSA)/National Institute of Standards
and Technology (NIST) National Information Assurance Partnership (NIAP)
Evaluation and Validation Program; or
* The NIST Federal Information Processing Standard (FIPS) validation
program.