Background:
The National Institute of Standards and Technology (NIST) publishes the Federal Information Processing Standards (FIPS), which relate to the standards and guidelines covered under Section 5131 of the Information Technology Management Reform Act of 1996 and the Computer Security Act of 1987. These laws entrust NIST with the development and management of standards and guidelines for computer and telecommunications systems within the Federal Government. Applied to encryption specifically, NIST's publications provide a standard that is used by all Federal organizations when they need cryptographic-based security to maintain the integrity of sensitive or valuable data.
The current standard is published as Security Requirements for Cryptographic Modules (FIPS PUB 140-2) and can be found in its entirety here: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
FIPS 140-2 standards are accepted by the Federal Agencies of both the United States and Canada through the Cryptographic Module Validation Program (CMVP). Through the CMVP, vendors of cryptographic modules use National Voluntary Laboratory Accreditation Program (NVLAP) accredited testing laboratories to perform compliance and conformance testing.
The Advanced Encryption Standard (AES, FIPS PUB 197), as used in the OPTIMUS products, specifies a FIPS-approved algorithm that can be used to protect electronic data through both encryption and decryption. This standard may be used by Federal departments and agencies when they determine that sensitive information requires protection. It has also been adopted and is used by non-Governmental, commercial and private organizations.
How OPTIMUS uses these standards:
The AES algorithm as currently implemented in OPTIMUS products is capable of using cryptographic keys of 256 bits to encrypt and decrypt data in blocks of 128 and 256 bits.
Even though the OPTIMUS implementation of the AES algorithm has not been tested by an accredited NVLAP laboratory and thus is not considered as complying with FIPS standard 197, OPTIMUS’ solution incorporates the cryptographic rigor of the AES standard. In addition, since cryptographic security depends on many factors besides the correct implementation of an encryption algorithm, we also refer to NIST Special Publication 800-21 as a guideline for implementing secure cryptography in your specific application.