atsec information security

FIPS 140-2: Frequently asked questions

Testing

Validation and Certification

What is FIPS?
FIPS stands for Federal Information Processing Standard.

Under the Information Technology Management Reform Act (Public Law 104-106), the Secretary of Commerce approves standards and guidelines that are developed by the National Institute of Standards and Technology (NIST) for Federal computer systems. These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements, such as for security and interoperability, and there are no acceptable industry standards or solutions.

This page lists all of the FIPS standards: http://csrc.nist.gov/publications/PubsFIPS.html


What is FIPS PUB 140-2?
FIPS Publication 140-2, Security Requirements for Cryptographic Modules, is published by NIST. It was last updated on December 03, 2002 and provides the basis for the testing, validation and ultimately certification of cryptographic modules. It is currently under review by NIST; a new version of the document, FIPS PUB 140-3, is planned for publication in 2009.


What is a cryptographic module?
According to FIPS 140-2, a cryptographic module is “the set of hardware, software, and/or firmware that implements Approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.”


Why should I certify my cryptographic module?
Having your module certified as compliant with the standard will make it eligible to be used by Federal Agencies that specify cryptography.

The Federal Information Security Management Act (FISMA) of 2002 removed the statutory provision that allowed agencies to waive mandatory Federal Information Processing Standards (FIPS). The waiver provision was included in the Computer Security Act of 1987, but FISMA supersedes that Act. Therefore, the references to a "waiver process" contained in many FIPS publications are no longer operative.

If an agency specifies that information or data be cryptographically protected, then FIPS 140-2 is applicable. FIPS 140-2 precludes the use of cryptography that has not been validated for the cryptographic protection of sensitive or valuable data within Federal systems.

More information on this topic can be found at http://www.itl.nist.gov/fipspubs/

In addition, the Cryptographic Module Validation Program analyzed the data from the first 164 modules tested: 50% of the modules were found to have security flaws, and 25% of the algorithms used were found to be incorrectly implemented.


What are the main concepts of FIPS 140-2?
The FIPS 140-2 standard specifies the security requirements that need to be satisfied by a cryptographic module that is utilized within a security system protecting sensitive but unclassified information.

In order to cover the full range of potential applications and environments in which cryptographic modules may be employed, four increasing, qualitative levels of security are defined. These are named Level 1, Level 2, Level 3, and Level 4.

The security requirements cover areas related to the secure design and implementation of a cryptographic module. Each area is assessed independently at one of the four levels, and the module's overall rating is the lowest level achieved in any area.

The areas included are:

  • cryptographic module specification;
  • cryptographic module ports and interfaces;
  • roles, services, and authentication;
  • finite state model;
  • physical security;
  • operational environment;
  • cryptographic key management;
  • electromagnetic interference/electromagnetic compatibility (EMI/EMC);
  • self-tests;
  • design assurance;
  • mitigation of other attacks.


How can I get a copy of the standards?
The standards are freely available from NIST at the FIPS publications page given above (http://csrc.nist.gov/publications/PubsFIPS.html).


If my cryptographic module is compliant with the standard is it guaranteed to be secure?
Certified compliance with the standard certainly increases the assurance you can draw from a cryptographic module. This is highlighted by the CMVP figures quoted above: nearly 50% of modules were found to have security flaws, and around 25% of the cryptographic algorithms were found to be incorrectly implemented.

However, there are no absolute guarantees. Validation applies to the module within its cryptographic boundary, operated as described in its Security Policy; it says nothing about how an application outside that boundary protects keys or uses the module's services, and a module validated at Level 1 has not been tested against the physical attacks addressed at the higher levels.


Is there a list of modules currently being validated?
The FIPS 140-1 and FIPS 140-2 Modules In Process list is published by the CMVP and is updated weekly.

You can find the list here:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf

An explanation of the list and the terminology used is found here:
http://csrc.nist.gov/groups/STM/cmvp/inprocess.html


Testing

Why do we need independent testing?
Successful encryption depends on the mathematical algorithms chosen, the security capabilities of the technology on which these algorithms are implemented, the secure storage and handling of the keys used, and on the environment in which the encryption module is operated.

While the strength of the standard algorithms is known, the correctness of each implementation, and of the platform on which it runs, must be independently assured.


Who does independent testing?
The CMVP accepts test results for validation only from laboratories that are accredited by NVLAP for cryptographic module testing. Accreditation is earned after a full review of the laboratory's quality management system (QMS) and the passing of technical proficiency tests.


Who accredits the laboratories?
The National Voluntary Laboratory Accreditation Program (NVLAP)

http://ts.nist.gov/ts/htdocs/210/214/214.htm


How long does it take to get a cryptographic module certified?
The time taken to complete testing and validation depends on several factors.

Assuming a completed module that conforms to the specification, laboratory testing can take from as little as 8 weeks to a year or more.

Before entering testing you should consider the following factors, which will affect the time taken:

  • the design and development of the module with the FIPS 140-2 specification in mind;
  • the completeness and correctness of the documentation;
  • the novelty of the technology (technology novel to the CMVP might require new implementation guidance);
  • the size and complexity of the module;
  • the security level at which testing will take place;
  • the resources allocated for testing by the laboratory;
  • the resources allocated by the developer/sponsor;
  • whether the cryptographic algorithms have already been validated (under the Cryptographic Algorithm Validation Program, CAVP).

For validation by the CMVP after laboratory testing, allow additional time for the CMVP's own review activities. This varies, but can add a few months to the schedule.


Can software on a PC undergo conformance testing and validation?
Yes. The process applies to the cryptographic module as a whole, as defined by its cryptographic boundary. In the case of a PC running a software cryptographic module, the software is tested on a specific hardware platform and operating system: the PC, the operating system and the cryptographic software are considered together for the purposes of testing, and the tested operational environment is recorded on the validation certificate.


What documentation and evidence do I need to supply to the lab?
The list of required documentation is given in the standard and reflected in the Derived Test Requirements (DTR). A summary is given in Appendix A of FIPS 140-2 and, for easy reference, is reproduced in an atsec document.
In addition the lab requires access to the module for testing. For hardware/firmware modules we generally require more than one device.


Is my confidential information kept confidential?
Absolutely. We are security professionals, and atsec takes this issue very seriously. Our laboratories and consultancy were the first to be certified as compliant with BS 7799-2, and our security procedures are independently verified.



Validation and Certification

What is the CMVP?
The CMVP was established by NIST and the Communications Security Establishment (CSE) of the Government of Canada in July 1995. All of the tests under the CMVP are handled by third-party laboratories that are accredited as Cryptographic and Security Testing (CST) laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP).

The web site is at http://csrc.nist.gov/cryptval/


What is validation?
The Cryptographic Module Validation Program (CMVP) is responsible for maintaining the FIPS 140-2 standard and for ensuring that certified modules comply with it. The second responsibility is the program's role as validator: the CMVP reviews the test report submitted by the laboratory and checks that the testing was carried out correctly and completely before a certificate is issued.


How much does FIPS 140-2 certification cost?
Of course the answer varies, but many people ask us this question. There are a few components to the cost and these are explained below:

Preparation:
There is a cost associated with preparing your product for conformance with the standard. It depends largely on your experience in designing a product to conform to the standard; if you are experienced at this, the cost is likely to be lower. Consider that some specialised documents must be developed, including the Security Policy and the Finite State Model. Consider also that if your product does not conform to the requirements of the standard, design changes and further development cycles may well be needed. Typical areas of non-conformity include the proper implementation of self-tests, key management issues and physical security specifications.
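As an added example (not code from atsec, NIST or any validated module), the following Python sketch shows what "proper implementation of self-tests" means in FIPS 140-2 terms: a known-answer test (KAT) for each Approved algorithm and an integrity test over the module's own code run at power-up, before any service is offered, and a failure sends the module into an error state in which no cryptographic service is available. The module class, its integrity key and its code image are hypothetical stand-ins; the two test vectors are the published SHA-256 vector for "abc" and RFC 4231 HMAC-SHA-256 test case 2.

```python
"""Power-up self-tests for a hypothetical software cryptographic module.

Added example; not code from atsec, NIST or any validated module. It shows the
pattern FIPS 140-2 requires of every module before it offers a cryptographic
service: run a known-answer test (KAT) for each Approved algorithm and an
integrity test over the module's own code, and on any failure enter an error
state in which no cryptographic service (and no data output) is available.
"""
import hashlib
import hmac

# Known-answer vectors (standard published values):
#   SHA-256("abc") from FIPS 180; HMAC-SHA-256 test case 2 from RFC 4231.
SHA256_KAT = (b"abc",
              "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
HMAC_KAT = (b"Jefe", b"what do ya want for nothing?",
            "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843")

# Constructed stand-ins for the module's embedded integrity key and code image.
# A real module would MAC (or sign) its actual executable image at build time.
INTEGRITY_KEY = b"example-integrity-key-not-secret"
CODE_IMAGE = b"\x7fELF...hypothetical module image bytes..."


def sha256_kat() -> bool:
    msg, expected = SHA256_KAT
    return hmac.compare_digest(hashlib.sha256(msg).hexdigest(), expected)


def hmac_sha256_kat() -> bool:
    key, msg, expected = HMAC_KAT
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).hexdigest(), expected)


def build_integrity_mac(image: bytes) -> str:
    """Computed once at build time and stored alongside the image."""
    return hmac.new(INTEGRITY_KEY, image, hashlib.sha256).hexdigest()


class ModuleError(Exception):
    """A service was requested while the module is not in the operational state."""


class SoftwareModule:
    def __init__(self, code_image: bytes, expected_mac: str, kats=None):
        self.code_image = code_image
        self.expected_mac = expected_mac
        # KATs are injectable so that a failing test can be demonstrated.
        self.kats = kats if kats is not None else {
            "SHA-256": sha256_kat, "HMAC-SHA-256": hmac_sha256_kat}
        self.state = "POWER_UP"
        self.failed = []
        self._power_up_self_tests()

    def _power_up_self_tests(self) -> None:
        # Every KAT runs, and runs before the integrity test: the integrity
        # check relies on HMAC-SHA-256, so that algorithm must prove itself first.
        for name, kat in self.kats.items():
            if not kat():
                self.failed.append(name)
        actual = hmac.new(INTEGRITY_KEY, self.code_image, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(actual, self.expected_mac):
            self.failed.append("integrity")
        # Any failure: error state, no services and no data output until re-tested.
        self.state = "ERROR" if self.failed else "OPERATIONAL"

    def _require_operational(self) -> None:
        if self.state != "OPERATIONAL":
            raise ModuleError(f"module in {self.state} state; failed: {self.failed}")

    # Services are reachable only through the operational-state gate.
    def digest(self, data: bytes) -> str:
        self._require_operational()
        return hashlib.sha256(data).hexdigest()

    def mac(self, key: bytes, data: bytes) -> str:
        self._require_operational()
        return hmac.new(key, data, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    good = SoftwareModule(CODE_IMAGE, build_integrity_mac(CODE_IMAGE))
    print("intact image:", good.state, good.digest(b"abc")[:16])
    tampered = SoftwareModule(CODE_IMAGE + b"\x00", build_integrity_mac(CODE_IMAGE))
    print("tampered image:", tampered.state, tampered.failed)
```

The points a laboratory looks for are all visible here: the tests run unconditionally at power-up rather than on request, the integrity technique is itself KAT-tested before it is trusted, and the error state is enforced by the service entry points rather than by a flag the caller is expected to check.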

Support:
Many companies, especially on their first FIPS 140-2 validation project, find that they need support in interpreting the standard, training, and help with the content of the Security Policy.

Formal Laboratory testing:
This varies based on the nature of the module. For example:

  • A hardware module incurs extra costs for physical security testing.
  • The chosen Security Level: at the higher security levels more testing is needed and the laboratory costs rise.
  • The number of security functions that need implementation validation: many functions mean higher charges.
  • The number of platforms on which testing is performed.

NIST CMVP Cost Recovery Fee:
These are costs charged by NIST directly to the developer. A laboratory may offer to include them in the overall laboratory fees and pay NIST on behalf of the developer.

(From http://csrc.nist.gov/groups/STM/cmvp/notices.html)
Cost recovery is a fee levied by NIST for the validation tasks and the program management responsibilities performed at NIST by the CMVP. There are two fees applicable to cost recovery: Base and Extended. The Base fee is applicable to all validation test reports received by NIST CMVP under FIPS 140-2 IG G.8-5 (new module) where the vendor has contracted with a CMT Laboratory after July 18, 2002. The Extended fee is applicable to all validation test reports received by NIST CMVP under FIPS 140-2 IG G.8 (all five change scenarios) that are in REVIEW PENDING in the NIST CMVP queue as of October 19, 2006.

The fees vary by overall Security Level:

  • Security Level 1: Base fee: $2750, Extended fee: $1250
  • Security Level 2: Base fee: $3750, Extended fee: $1750
  • Security Level 3: Base fee: $5250, Extended fee: $2250
  • Security Level 4: Base fee: $7250, Extended fee: $3500

The Extended fee is applicable when a validation test report requires significant additional effort by the validators. A number of factors may lead to the application of the Extended fee for a test report that is received by the CMVP from the testing CMT Laboratory. For example: the test report review uncovered a non-compliance to the standard that was not identified by the CMT Laboratory; a test report is received incomplete (Refer to FIPS 140-2 IG G.2) and this is determined once the report has moved to IN REVIEW; the quality of the received test report is unacceptable; or the review and COORDINATION took significant additional effort. The CMVP may impose the Extended fee for a particular report on other specific conditions as applicable.

Revalidation Costs:
These may be incurred in the future as you develop your product further and need to maintain the FIPS 140-2 certificate.


What are the requirements for the certification? (from your side)
The laboratory needs all the evidence required to complete the mandatory tests given in the Derived Test Requirements.


How long is a certificate valid?
A certificate is valid for the lifetime of that version of the product. Changes to the validated module require revalidation under the change scenarios of FIPS 140-2 IG G.8, as described under Revalidation Costs above.


Will I be supervised by the CMVP?
No, the lab is supervised by the CMVP.

In general the laboratory acts as your advocate to the CMVP. The lab will ensure that the tests are performed correctly and will resolve any questions or issues with you in order to present a complete report to the CMVP for validation.

atsec is committed to helping vendors and sponsors successfully certify their modules as compliant with FIPS 140-2 and will explain any problems discovered.

Resolutions often include:

  • provision of additional documentation
  • changing the target security level for that area
  • implementing minor product design changes

Often resolution of minor problems will not disrupt the schedule or the total cost.


More questions?
Check out the CMVP FAQ at
http://csrc.nist.gov/cryptval/140-1/CMVPFAQ.pdf

