National Institute of Standards and Technology (NIST) FIPS 140-2 Commercial Cryptography

Setting Requirements for Design, Implementation, Validation, and Robustness in Cryptography Equipment

National Institute of Standards and TechnologyThe National Institute of Standards and Technology (NIST) Federal Information Processing Standard FIPS 140-2 for Cryptography is an internationally recognized security certification standard for commercial cryptography. Applicable to both hardware and software based cryptography, the FIPS 140-2 standard sets out the requirements related to design, implementation, validation, and robustness to ensure cryptography equipment operates as expected.

Cryptography refers to the algorithms and protocols used to secure or “hide” data from unauthorized access by means of encrypting and decrypting data. Common cryptography techniques include symmetric-key algorithms such as DES/3DES and AES, as well as public-key algorithms such as RSA. Cryptography key management is also a significant factor in the FIPS 140-2 standard.

Modern cryptography is used today in almost all forms of commerce, such as the financial markets and for internet data security, and in the defense industry for data and communications security.

The FIPS 140-2 standard provides four increasingly higher levels of security, numbered Level 1 thru Level 4, covering a wide range of security applications and environments. Level 1 covers basic security, whereas Level 4 provides the highest level of security. Most commonly, commercial FIPS 140-2 validated products are validated to Levels 2 or 3.

Equipment is evaluated independently and validation is governed by the Cryptographic Module Validation Program (CMVP), a joint venture between the NIST in the United States, and the Communications Security Establishment (CSE) in Canada.

Curtiss-Wright Defense Solutions offers a range of products designed to the FIPS 140-2 standard. Some of these products include:

COTS data recorders with FIPS 140-2 encryption provide secure lockdown (September 10, 2013)
Curtiss-Wright Defense Solutions’ 1TB 3U VPX Flash Storage Card Receives NIST Cryptographic Security Certification (June 19, 2012)
Curtiss-Wright's VPX3-685 3U OpenVPX™ SecureRouter Registered for NIST Cryptographic Validation (March 21, 2011)