SafeLogic Blog

What Is FIPS 140-2 & Why Does It Matter?

Written by Ray Potter | Mar 13, 2018 8:01:59 PM

[Originally published on Carbon Black's blog on March 8, 2018.]

Carbon Black has just announced the successful FIPS 140-2 validation of their Carbon Black Cryptographic Module and availability within their Cb Response and Cb Protection products. Our team at SafeLogic is extremely proud to power that effort and in the spirit of our partnership, I’m here to explain what FIPS 140-2 is and why it’s a big deal.

In 1995, NIST (the U.S. National Institute of Standards and Technology) and their Canadian counterpart CSE (Communications Security Establishment) teamed up to establish the mechanisms for testing and certifying that the FIPS 140 benchmark had been met. NIST and CSE employees staff the CMVP (Cryptographic Module Validation Program) and CAVP (Cryptographic Algorithm Validation Program), which cooperate with independent third party testing labs. While the labs conduct functional testing, it is the CMVP that ultimately reviews the results and issues the FIPS 140 validation. This formalized the process into the certification system we know today.

Read the rest of this blog post at CarbonBlack.com!