Play all

Intro

Objectives for this briefing

What is FIPS? Why is it important?

Challenges with FIPS 140-2 module validations

FIPS lab customer feedback hotline ...

How has CMVP coped with passage of time?

How have labs coped with challenges?

FIPS 140-3..... Vaporware?

March 22nd, 2019 - FIPS 140-3 officially signed!

NIST SP 800-140: Important Supplemental Docs (cont'd)

What happens to the "duct tape"?

New Terms: SSPS, CSPs and PSPs

New Terms: New Output Types Defined

New Terms: Vendor Testing, Low-Level Testing & EOL

The Diff: Dash-2 vs. Dash-3 Snapshot

The Diff: Those Dang Self-tests (continued)

The Diff: Roles, Services and Authentication

The Diff: Let's get physical (Physical Security)

The Diff: Software/Firmware and OS Security

The Diff: Actual Non-Invasive Security Requirements

The Diff: It's "Zeroisation", Not "Zeroization"!

FIPS 140-3 transition: Important dates

Apply: Can I achieve BOTH FIPS 140-2 and FIPS 140-3?

Apply: In closing, points to remember ...

Apply: How to stay in the loop?

Description:

Explore the key changes and implications of the new FIPS 140-3 cryptographic module validation standard in this 46-minute conference talk from RSA Conference. Delve into the differences between FIPS 140-2 and FIPS 140-3, examining new terminology, testing requirements, and security considerations. Learn about the transition timeline, the fate of existing FIPS 140-2 certificates, and how to navigate the validation process under the new standard. Gain insights into the challenges faced by labs and the Cryptographic Module Validation Program (CMVP) in adapting to evolving security needs. Discover practical advice for staying informed and preparing for the FIPS 140-3 transition, with a focus on its impact on cryptographic module development and certification.

You, Me and FIPS 140-3 - A Guide to the New Standard and Transition

RSA Conference

Add to list

#Conference Talks #RSA Conference #Computer Science #Cryptography #Symmetric Encryption #Asymmetric Encryption #Hashing

0:00 / 0:00