I’m happy to announce that we’ve received our FIPS 140-2 certification! This is an important certification, required for federal agency applications that use encryption to protect sensitive information.
The National Institute of Standards and Technology (NIST) is the body that defines the technology criteria, and its Cryptographic Module Validation Program (CMVP) provides the certification. Only thirteen laboratories in the world are able to test and verify that a cryptographic module will pass the stringent CMVP process, and certification can take over a year to achieve.
Some of the aspects of FIPS 140-2 include:
- Security policy
- Finite state machine
- Software modules description
- Source code within the cryptographic boundaries
- Key management lifecycle
- Algorithm conformance