Vulnerabilities and FIPS 140-3

James Ramage FIPS 140-3

Our previous article discussed how vulnerabilities are dealt with under the Common Criteria certification program in North America. All commercial product assurance programs deal with flaws and vulnerabilities in different ways, often with overlapping requirements, techniques and outcomes. In this …

FIPS 140-3 Is Here!

Jason Lawlor and James Ramage FIPS 140-3

The countdown is on. As of September 22, 2021, FIPS 140-2 will be sunset and only FIPS 140-3 validations can be submitted to the Cryptographic Module Validation Program (CMVP). In this latest post, we cover the key differences in the …

NIST 800-90B Concepts

James Ramage Entropy, FIPS 140-2, FIPS 140-3

The claimed entropy source for a FIPS 140 validated module now requires compliance to NIST SP800-90B. This means that any cryptographic module going through FIPS 140-2 or FIPS 140-3 validation needs to adhere to NIST implementation guidance 7.18 – Entropy …