Federal agencies and departments are required to comply with FIPS 140-1, Security Requirements for Cryptographic Modules. This involves the acquisition of validated cryptographic modules (which may be incorporated in a product/application) for protecting sensitive but unclassified data. Cryptographic modules are used to provide security services such as confidentiality, integrity, and authentication. FIPS 140-1 provides users with 1) a specification of security features that are required at each security level, 2) flexibility in choosing security requirements and environments, and 3) a guide to ensuring the modules in corporate necessary security features. Accredited laboratories perform conformance testing of FIPS 140-1 modules under the Cryptographic Module Validation (CMV) Program, which is a joint effort between NIST and CSE.
Topics
Highlights of the workshop include an overview of federal cryptography, a FIPS 140-1 Tutorial, and guidance on implementing FIPS 140-1. Detailed information on how to use the standard, its impact on Federal Agencies and industry, and how agencies can impact the program will also be provided. In addition, vendors will be provide with information on how to obtain validation for their modules. Panel discussions are planned with Federal Agencies currently implementing FIPS 140-1, vendors with available validated modules, the Cryptographic Module Testing Laboratories that perform validation testing, the banking community, and an overview of prudent practices. The workshop will conclude by looking to the future with discussions of possible enhancements to the standard and other related issues.
