FIPS 140-2 is a standard published by the U.S. National Institute of Standards and Technology (NIST) to ensure security, quality and compatibility of online services.
Regulates the Security, Quality and Compatibility of Online Services
FIPS 140-2 is a standard first published in 2001 by the U.S. National Institute of Standards and Technology (NIST), a non-regulatory agency of the U.S. Department of Commerce. NIST works to establish various standards that the U.S. military and various government agencies must abide by. Vendors, contractors, and any organization working with government or military must comply with FIPS as well.
The Canadian government also has policies requiring FIPS-validated software, and it cooperates with NIST in establishing FIPS standards. FIPS includes standards regarding the formatting of location and personal identification information, encryption algorithms, key storage, and other data processing areas. FIPS purpose is to ensure the security, quality, and processing compatibility of various services in an easily-verified way.
Four Levels of FIPS Security
- Level 1: According to the FIPS specification, "allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an unevaluated operating system." Users can run this level of security on ordinary hardware.
- Level 2: Requires role-based authentication, seals that provide evidence of any physical tampering, and includes requirements regarding the software's operating system.
- Level 3: Adds a number of requirements to Level 2, including physical tamper resistance.
- Level 4: Adds more stringent tamper resistant requirements, plus resistance to environmental hazards
IT professionals working in FIPS regulated environments turn to Ipswitch's MOVEit Managed File Transfer and WS_FTP products to enforce FIPS standards.