Tuesday, June 12, 2007

FIPS compliance Security Crypto Module

Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal government for use by all non-military government agencies and by government contractors. Many FIPS standards are modified versions of standards used in the wider community (ANSI, IEEE, ISO, etc.)


The National Institute of Standards and Technology (NIST) issued the 140 Publication Series to coordinate the requirements and standards for cryptographic modules which include both hardware and software components for use by departments and agencies of the United States federal government. FIPS 140 does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure. The requirements cover not only the cryptographic modules themselves but also their documentation and (at the highest security level) some aspects of the comments contained in the source code.

http://en.wikipedia.org/wiki/FIPS_140
http://en.wikipedia.org/wiki/Federal_Information_Processing_Standard

Sun's Cryptographic Accelerator 6000 provides exactly such a storage mechanism and API/tool set. The Cryptographic Accelerator is available for Solaris (SPARC and x86/x64) and Linux and is FIPS 140-2 Level 3 certified. It's key storage mechanism is also RF shielded and tamper-proof. It's probably one of the fastest cards on the market for accelerating SSL, IPsec/IKE and other general crypto and it's inexpensive (less than $1500 list).

http://www.sun.com/products/networking/sslaccel/suncryptoaccel6000/details.xml

No comments: