FIPS 140-2

Last updated 2 years ago

What Is FIPS?

The Federal Information Processing Standards (FIPS) are standards developed by the National Institute of Standards and Technology's (NIST) Computer Security Division. These standards cover document processing, encryption systems, and other IT standards to be used within non-military government agencies. Government contractors are also expected to adhere to FIPS.

What Is FIPS 140-2?

FIPS 140-2 is the standard used by the United States government to validate that cryptographic modules and solutions (hardware and software) produced by private sector companies meet the NIST standards and adhere to the Federal Information Security Management Act of 2022 (FISMA).

The FIPS 140-2 encryption standard defines four levels, which are:

  • Level 1: Requires that production-grade equipment and externally tested algorithms be used.

  • Level 2: Requires physical tamper-evidence and role-based authentication for hardware. Software is required to run on an Operating System (OS) approved to Common Criteria (CC) at Evaluation Assurance Level 2 (EAL2).

  • Level 3: Hardware must feature physical tamper-resistance and identity-based authentication. There must also be a physical or logical separation between the interfaces through which critical security parameters (CSPs) enter and leave the module. Furthermore, private keys can only enter or leave the module in an encrypted form.

  • Level 4: This is the highest level. It requires hardware to be tamper-active. This means it must erase the device's contents upon detecting any change in the module's normal operating conditions.

Most organizations need, and therefore specify, FIPS 140-2 Level 3 certified equipment to ensure robust data protection. This level offers the best balance between effective security and operational convenience.

Intrusion Prevention

This includes physical security mechanisms designed to detect and prevent intruders from accessing the CSPs within the cryptographic module. The mechanism must react to attempts at unauthorized access or use of the cryptographic module by automatically erasing plaintext (CSPs) within the module.

Identity-Based Authentication

This is a step ahead of the role-based authentication required in Level 2. For Level 3 compliance, it's the user's identity that must be authenticated. A simple example is that of a network requiring specific user logins as opposed to role-based logins.

Physical or Logical Separation

The input and output of plaintext CSPs must be performed using ports which are physically separated from other ports. Similarly, in a virtual environment, the interfaces are to be logically separated.

Plaintext CSPs may only be input or output from the cryptographic module in an encrypted format.

Operating System Requirements

FIPS 140-2 Level 3 allows for a cryptographic module to be executed on a general-purpose PC as long as its operating system meets the minimum requirements. This must also include a CC evaluation assurance of level EAL3 or higher.
