Why you need to use a FIPS 140-2 validated cryptomodule

From OWASP
Revision as of 14:15, 12 December 2008 by Mike.boberski (Talk | contribs)


The OWASP ASVS includes verification requirements that prescribe the use of a FIPS 140-2 validated cryptomodule. The applicable ASVS requirement reads in part:

"V7.1: Verify that cryptographic modules used by the application have been validated against FIPS 140-2 ..."

This is an important requirement for both public and private sector applications. A validated cryptomodule is... The requirement to use a validated cryptomodule was included in the standard to ensure that...

How to find out if the cryptomodule(s) that you are using is (are) FIPS 140-2 validated

Here is how you can find out if the cryptomodule(s) that you are using is (are) FIPS 140-2 validated...

CMVP module validation lists: http://csrc.nist.gov/groups/STM/cmvp/validation.html

How to find out if the cryptomodule(s) that you are using is (are) operating in an approved or in an allowed mode

Here is how you can find out if your validated cryptomodule(s) is (are) operating in an approved or in an allowed mode...

References

For more information...

CMVP: http://csrc.nist.gov/groups/STM/cmvp/index.html

CAVP: http://csrc.nist.gov/groups/STM/cavp/index.html

Postscript

The author of this article can be reached at boberski_michael(at)bah.com

Good luck!

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.