March 17, 2014

Build your own FIPS 140-3 survival kit

"When is FIPS 140-3 coming out?"

This is probably the question I am asked most often. It's my own fault for trying to provide my best guesses at a FIPS 140-3 schedule.

Even though my predictions have not panned out as expected, that won't deter me from attempting to be helpful.

Since the last NIST activity was to replace dates with "TBDs" on the official FIPS 140-3 schedule, my recommendation to stay ahead of the FIPS 140-3 curve is to begin building your own FIPS 140-3 Survival Kit. The first items to place in the kit are the following ISO documents:

  • ISO/IEC 19790 Security requirements for cryptographic modules
  • ISO/IEC 24759 Test requirements for cryptographic modules

ISO 19790 may be what NIST selects as the replacement standard for FIPS 140-2.  

ISO 24759 is the "DTR" (with all the ASxx.xx, VExx.xx.xx, and TExx.xx.xx statements as you know and love them).

Even though I've been through several California earthquakes, I am not able to predict when they will occur. I do know that I need to prepare for the next one. 

I am not certain that these ISO documents will be adopted by NIST, but it is a good idea to prepare. 

In earthquakes and FIPS, it's best to have a survival kit ready and not need it.

(Go to the next post in the FIPS 140-3 Survival Kit series)

Mark Minnoch is an Account Manager at InfoGard Laboratories.  During the 1989 Loma Prieta earthquake, he was in Santa Clara... under his desk.

1 comment:

  1. Thank you for taking some time to write this post. When it comes to disasters, it pays to be prepared. It means more than just having some canned goods in storage for when you’re feeling peckish; you’ll also need the best survival tools you can get. Being ready for anything that comes your way means having the best survival tools on your side, and you’re going to need to know what those tools are so that you can outlast the disaster. After all, your life is on the line. See more