Presentation is loading. Please wait.

Presentation is loading. Please wait.

FIPS 140-3 Status and Schedules Allen Roginsky CMVP NIST September 28, 2005.

Published byRuby Marshall Modified over 9 years ago

Similar presentations

Presentation on theme: "FIPS 140-3 Status and Schedules Allen Roginsky CMVP NIST September 28, 2005."— Presentation transcript:

1 FIPS 140-3 Status and Schedules Allen Roginsky CMVP NIST September 28, 2005

2 Agenda History of FIPS 140 Motivation for change Areas of change What will not change Schedules Previous validations

3 History of FIPS 140 Federal Standard 1027 –General Security Requirements for Equipment using DES FIPS 140 FIPS 140-1 (11 January 1994) FIPS 140-2 (25 May 2001) –Security Requirements for Cryptographic Modules

4 History of FIPS 140 Federal Standard 1027 FIPS 140 FIPS 140-1 FIPS 140-2 General Security Requirements for Equipment using DES Very hardware oriented Restrictive

5 History of FIPS 140 Federal Standard 1027 FIPS 140 FIPS 140-1 FIPS 140-2 Security Requirements for Cryptographic Modules Cover change for the FED STD 1027

6 History of FIPS 140 Federal Standard 1027 FIPS 140 FIPS 140-1 FIPS 140-2 Security Requirements for Cryptographic Modules Start giving flexibility to the vendors Still hardware oriented Start recognizing software modules

7 History of FIPS 140 Federal Standard 1027 FIPS 140 FIPS 140-1 FIPS 140-2 Security Requirements for Cryptographic Modules Re-organized FIPS 140-1 Clarified some requirements Incorporation of refinements contained in Implementation Guidance Introduction of Design Assurance

8 Motivation for Change U.S. Federal Requirement –Must be reviewed every 5 years Tremendous technology advances –Standard is becoming out of date –Difficult to generically apply to new technologies Protection for more sensitive information Requirement improvements and strengthening Refinements and corrections

9 Areas of Change New security levels Special attention to software cryptographic modules Roles and services, authentication –No maintenance role Cryptographic key life cycle –key establishment and distribution: new standards –random number generator requirements

10 Areas of Change Physical security Self-tests –Power-up, module integrity checks –Conditional tests Security policy –Realign with what users need

11 FIPS 140-2 and FIPS 140-3 Cryptographic Module Specification Cryptographic Module Ports and Interfaces Roles, Authentication, and Services Finite State Module Physical Security Operational Environment Cryptographic Key Management EMI/EMC Self Tests Implementation Assurance Mitigation of Other Attacks Cryptographic Module Specification Cryptographic Module Ports and Interfaces Roles, Authentication, and Services Software Security Physical Security Operational Environment Sensitive Security Parameter (SSP) Management Self Tests Implementation Assurance Mitigation of Other Attacks

12 Highlights Two New Security Levels SPA at Level 3 Software Security Section EMI at Level 5 Detached from CC SSPs, CSPs and PSPs Key Management Clarified Pre-operational tests Significant Changes to Almost Every Section

13

14 Milestones Public Comment on FIPS 140-2 –Federal Registry Notice CMVP Prepares Draft #0 FIPS 140-3 –Use received comments –Incorporate new requirements Draft #0 Sent to Testing Labs Start Date Jan 05 Apr 05 Length 3 months 4 months Sep 05

15 Milestones CMVP Publishes FIPS 140-3 Draft #1 for Public Comment –Use received comments FIPS 140-3 Approval process FIPS 140-3 Approved ! FIPS 140-3 in effect ( + 6 mo) FIPS 140-2 retires Start Date Nov 05 Feb 06 May 06 Length 3 months Sept 06 Mar 06 Sep 07

16 Concurrent Activities Implementation Guidance for FIPS 140-3 and Derived Test Requirements for FIPS 140-3 should be issued Vendor and Lab education NVLAP Publication 150-17

17 Status of Previous Validations Validations to FIPS 140-1 and FIPS 140-2 will still be recognized Migration path from previous validations to FIPS 140-3 will be defined –similar to (FIPS 140-1 to FIPS 140-2)

18 Conclusion FIPS 140-3 development is on the way Public is involved in the development process Watch the CMVP website –WWW.NIST.GOV/CMVP

Download ppt "FIPS 140-3 Status and Schedules Allen Roginsky CMVP NIST September 28, 2005."

Similar presentations

An Institutionally Secure Integrated Data Environment (INSIDE) By University of St Andrews & University of Durham Original Aims –the development of a sustainable.

An Institutionally Secure Integrated Data Environment (INSIDE) By University of St Andrews & University of Durham Original Aims –the development of a sustainable.
1 ANSI/EIA - 748 - A - 1998 STANDARD Earned Value Management Systems Proposed Changes Discussion January 31, 2007 NDIA Program Management Systems Committee.

1 ANSI/EIA A STANDARD Earned Value Management Systems Proposed Changes Discussion January 31, 2007 NDIA Program Management Systems Committee.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Software Quality Assurance Plan

Software Quality Assurance Plan
7 Chapter 7 The University Lab: Conceptual Design Hachim Haddouti.

7 Chapter 7 The University Lab: Conceptual Design Hachim Haddouti.
7 Chapter 7 The University Lab: Conceptual Design Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.

7 Chapter 7 The University Lab: Conceptual Design Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.
NIST Cryptographic Standards Process Review Tim Polk NIST November 7, 2013.

NIST Cryptographic Standards Process Review Tim Polk NIST November 7, 2013.
Larry Wagner Sr. Director of Engineering

Larry Wagner Sr. Director of Engineering
Dean Fortin – Massachusetts WIC 23 July 2014. System Testing Objectives  Verify hardware  Verify software  Verify hardware/software interaction  Verify.

Dean Fortin – Massachusetts WIC 23 July System Testing Objectives  Verify hardware  Verify software  Verify hardware/software interaction  Verify.
Software Hardening & FIPS 140 Eugen Bacic & Gary Maxwell September 27th, 2005.

Software Hardening & FIPS 140 Eugen Bacic & Gary Maxwell September 27th, 2005.
FIPS 140-3 Section 5 – Physical Security Randall J. Easter Director, NIST CMVP Ken Lu CSE CMVP September 28, 2005.

FIPS Section 5 – Physical Security Randall J. Easter Director, NIST CMVP Ken Lu CSE CMVP September 28, 2005.
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
October 3, 20031 Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.

October 3, Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL

TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting
ISB Notice and preparing for the implementation of the new IAPT Data Standard Shaun Crowe Mental Health, Employment and IAPT Mental Health Collaborative.

ISB Notice and preparing for the implementation of the new IAPT Data Standard Shaun Crowe Mental Health, Employment and IAPT Mental Health Collaborative.
Project Plan The Development Plan The project plan is one of the first formal documents produced by the project team. It describes  How the project will.

Project Plan The Development Plan The project plan is one of the first formal documents produced by the project team. It describes  How the project will.
State Milestones Subsidized Insurance Workgroup High Level Timeline 2011 Jan 2011 Feb 2011 Mar 2011 Apr 2011 May 2011 Jun 2011 Jul 2011 Aug 2011 Sept 2011.

State Milestones Subsidized Insurance Workgroup High Level Timeline 2011 Jan 2011 Feb 2011 Mar 2011 Apr 2011 May 2011 Jun 2011 Jul 2011 Aug 2011 Sept 2011.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Testing - an Overview September 10, 2008 1. What is it, Why do it? Testing is a set of activities aimed at validating that an attribute or capability.

Testing - an Overview September 10, What is it, Why do it? Testing is a set of activities aimed at validating that an attribute or capability.

Similar presentations

Ads by Google