National Institute of Standards and Technology (NIST) FIPS 140-2 Commercial Cryptography
Setting Requirements for Design, Implementation, Validation, and Robustness in Cryptography Equipment
The National Institute of Standards and Technology (NIST) Federal Information Processing Standard FIPS 140-2 for Cryptography is an internationally recognized security certification standard for commercial cryptography. Applicable to both hardware and software based cryptography, the FIPS 140-2 standard sets out the requirements related to design, implementation, validation, and robustness to ensure cryptography equipment operates as expected.
Cryptography refers to the algorithms and protocols used to secure or “hide” data from unauthorized access by means of encrypting and decrypting data. Common cryptography techniques include symmetric-key algorithms such as DES/3DES and AES, as well as public-key algorithms such as RSA. Cryptography key management is also a significant factor in the FIPS 140-2 standard.
Modern cryptography is used today in almost all forms of commerce, such as the financial markets and for internet data security, and in the defense industry for data and communications security.
The FIPS 140-2 standard provides four increasingly higher levels of security, numbered Level 1 thru Level 4, covering a wide range of security applications and environments. Level 1 covers basic security, whereas Level 4 provides the highest level of security. Most commonly, commercial FIPS 140-2 validated products are validated to Levels 2 or 3.
Equipment is evaluated independently and validation is governed by the Cryptographic Module Validation Program (CMVP), a joint venture between the NIST in the United States, and the Communications Security Establishment (CSE) in Canada.
Curtiss-Wright Controls Defense Solutions offers a range of products designed to the FIPS 140-2 standard. Some of these products include:
- Vortex 3U VPX Flash Storage Module (FIPS 140-2 Validated - certificate #1885)
- Vortex Compact Network Storage - 1/2 ATR network file server
- Vortex Data Transport System - DZUS network file server
- VPX3-685 3U VPX Secure Ethernet Router
COTS data recorders with FIPS 140-2 encryption provide secure lockdown (September 10, 2013)
Curtiss-Wright Controls Defense Solutions’ 1TB 3U VPX Flash Storage Card Receives NIST Cryptographic Security Certification (June 19, 2012)
Curtiss-Wright Controls’ VPX3-685 3U OpenVPX™ SecureRouter Registered for NIST Cryptographic Validation (March 21, 2011)