FIPS-140-3 Draft available

FIPS 140-3 represents the Security requirements for cryptographic modules and is a revision to FIPS 140-2, so all you security vendors who target the Government/Federal vertical (and who doesn’t claim to, just like financial services) take note. In the Overview section is some brief information on the additions in 140-3 The draft includes this quick summary of changes from the overview section, see the draft for additional information (here)

FIPS 140-3 adds an additional security level and incorporates extended and new security features that reflect recent advances in technology. In FIPS 140-3, each of the eleven requirement areas in redefined. Software requirements are given greater prominence in a new area dedicated to software security, and an area specifying requirements to protect against non-invasive attacks is provided.

The D-Kriptik Blog has a lenghty write-up (here) and clearly a lot more time than I do 😉


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s