Satisfy FIPS 140-2 Standards for Cloud Encryption & Preserve Functionality
Meeting FIPS 140-2 Requirements
The Federal Information Processing Standard 140-2 (FIPS 140-2) standard is an information technology security accreditation program for validating that the cryptographic modules produced by private sector companies meet well-defined federal security standards. FIPS 140-2 validation is mandatory for use in government departments that collect, store, transfer, share and disseminate sensitive but unclassified (SBU) information. The FIPS 140-2 standards prohibit agencies from using unapproved cryptography on sensitive data within the Federal Government.
The FIPS encryption standards are also used extensively in many non-governmental industries, particularly manufacturing, healthcare and financial services or wherever there are federal regulations governing data security.
By enabling the use of FIPS 140-2 validated modules to protect cloud data, Blue Coat helps to eliminate the security, compliance and usability barriers that previously prevented agencies from moving to the cloud. With Perspecsys, any government agency or organization needing to comply with FIPS 140-2 encryption standards can then take full advantage of cloud applications such as ServiceNow, Oracle CRM and Salesforce.com while ensuring their sensitive data remains on premise, under their full control and in compliance with data protection regulations. Blue Coat was the first company to offer this level of data protection while simultaneously preserving critical application capabilities, such as the ability to preserve a full array of “search” capabilites on FIPS 140-2 encrypted data fields.
Important Details on FIPS 140-2 Standards
The National Institute of Standards and Technology (NIST) issues Federal Information Processing Standards (FIPS) as guidelines for use across the Federal government. These standards are developed when there are compelling Federal government needs, such as in the areas of information security and interoperability. FIPS 140-2, published in 2005, is the most recently released security cryptographic requirements and supersedes FIPS 140-1, which was published in 1994.
AES includes three different bit lengths 128, 192 and 256. AES 256 has become standard for many industries.
Cryptographic Module Validation Program
The Cryptographic Module Validation Program (CMVP) is a joint effort between NIST and the Communications Security Establishment Canada (CSEC) that validates cryptographic modules to FIPS 140 standards. Validated FIPS encryption modules are accepted by both the American and Canadian federal agencies.
Enterprises deploying FIPS 140-2 validated modules will typically see that many algorithms within the module will not be available to them when operating in FIPS mode. When using these algorithms, enterprises must take special care to assess how they impact the preservation of cloud application functionality when deployed within a Cloud Data Protection Gateway.