FIPS 140-2 Validated Crypto Modules, v1.0

This Trustmark Definition defines the conformance and assessment criteria for the use of cryptographic modules validated to the Federal Information Processing Standard (FIPS) 140-2 standard.

Assessment Steps (3)

1. FIPS-140-Cryptography-XML-Step (FIPS_140_Cryptography_XML_Step)

Do the organization's IdPs and RPs use only [FIPS 140] validated cryptographic modules and algorithms for XML signing and encryption? Answer 'No' if any non-FIPS-140-2 modules are used.

Artifact
FIPS-140-Cryptography-XML

Identify all cryptographic modules and algorithms used by the organization's IdPs and RPs to perform XML signing and encryption and provide evidence of the FIPS-140-2 certification for each.

2. FIPS-140-Cryptography-TLS-Step (FIPS_140_Cryptography_TLS_Step)

Do the organization's IdPs and RPs use only [FIPS 140] validated cryptographic modules for their TLS implementations? Answer 'No' if any non-FIPS-140 modules are used.

Artifact
FIPS-140-Cryptography-TLS

Identify all cryptographic modules and algorithms used by the organization's IdPs and RPs to support TLS connections and provide evidence of the FIPS-140-2 certification for each.

3. FIPS-140-Cryptography-TLS-Algorithms-Step (FIPS_140_Cryptography_TLS_Algorithms_Step)

Do the organization's IdP and RP TLS endpoints support only [FIPS 140] approved algorithms for TLS connections? Answer 'No' if any non-FIPS-140 algorithms are supported.

Artifact
FIPS-140-Testing

Examine all applicable endpoints, either manually or with automated tools such as SSLAudit and SSLScan, to confirm that only FIPS-140 approved algorithms are accepted. Answer 'No' if any of the subject TLS endpoints successfully negotiates any non-FIPS-140 algorithm.
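The following is an added example, not part of this Trustmark Definition or of the SSLAudit/SSLScan tools: it reads sslscan-style "Accepted"/"Preferred" lines from a scan of a TLS endpoint and classifies each negotiated cipher suite against a simplified list of FIPS 140-2 approved security functions (drawn from FIPS 140-2 Annex A; the prefix list, the sample scan output and the function names are assumptions made for the example). The answer to the assessment step is 'Yes' only when no accepted suite carries a failure reason.

```python
"""Added example, not part of the Trustmark Definition: evaluate the cipher
suites a TLS endpoint accepts (sslscan-style report) against a simplified
list of FIPS 140-2 approved security functions (Annex A)."""
import re

# Assumption: simplified classification derived from FIPS 140-2 Annex A.
# Any cipher-suite component beginning with one of these names is not an
# approved security function (legacy ciphers, MD5, ChaCha20-Poly1305,
# Camellia, SEED, ARIA, IDEA).
NON_APPROVED_PREFIXES = (
    "RC4", "RC2", "MD5", "CHACHA20", "POLY1305",
    "CAMELLIA", "SEED", "ARIA", "IDEA",
)

# One "Accepted"/"Preferred" line of sslscan output, e.g.
#   Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384
SSLSCAN_LINE = re.compile(
    r"^(?P<status>Accepted|Preferred)\s+(?P<proto>\S+)\s+"
    r"(?P<bits>\d+)\s+bits\s+(?P<cipher>\S+)"
)


def classify_cipher(name: str) -> list[str]:
    """Return the reasons an OpenSSL-style cipher-suite name fails the
    FIPS 140-2 algorithm check; an empty list means every component is
    approved."""
    tokens = name.upper().split("-")
    reasons: list[str] = []
    if tokens[0] == "EXP":
        reasons.append("export-grade cipher")
    for tok in tokens:
        if tok.startswith(NON_APPROVED_PREFIXES):
            reasons.append(f"{tok} is not a FIPS 140-2 approved security function")
    # "DES-CBC3" is Triple-DES (approved under Annex A, though deprecated
    # since); a bare "DES" token without "CBC3" is single DES, not approved.
    if "DES" in tokens and "CBC3" not in tokens:
        reasons.append("single DES is not approved")
    if "NULL" in tokens:
        reasons.append("NULL cipher provides no encryption")
    # ADH/AECDH suites use approved DH/ECDH but without peer authentication.
    if tokens[0] in ("ADH", "AECDH"):
        reasons.append("anonymous key exchange")
    return reasons


def audit_endpoint(scan_output: str) -> dict[str, list[str]]:
    """Map every accepted cipher suite in an sslscan-style report to its
    failure reasons (an empty list means the suite is approved)."""
    results: dict[str, list[str]] = {}
    for line in scan_output.splitlines():
        match = SSLSCAN_LINE.match(line.strip())
        if match:
            results[match.group("cipher")] = classify_cipher(match.group("cipher"))
    return results


def failing_suites(scan_output: str) -> set[str]:
    """The suites an assessor would cite as evidence for a 'No' answer."""
    return {suite for suite, reasons in audit_endpoint(scan_output).items() if reasons}


def endpoint_passes(scan_output: str) -> bool:
    """The assessment step's answer: True ('Yes') only if no accepted suite
    uses a non-approved algorithm."""
    return not failing_suites(scan_output)


# Constructed sample in sslscan's output format (assumption, not a real scan).
SAMPLE_SCAN = """\
Testing SSL server idp.example.test on port 443
  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-CHACHA20-POLY1305
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
Accepted  TLSv1.0  128 bits  RC4-SHA
Accepted  TLSv1.0  40 bits   EXP-RC4-MD5
"""

if __name__ == "__main__":
    for suite, reasons in audit_endpoint(SAMPLE_SCAN).items():
        print(f"{suite:32} {'OK' if not reasons else '; '.join(reasons)}")
    print("Step answer:", "Yes" if endpoint_passes(SAMPLE_SCAN) else "No")
```

The prefix list is intentionally conservative and should be reconciled with the current CMVP approved-security-function annex before use as assessment evidence; Triple-DES is accepted here because Annex A listed it at the time of this definition's publication, and an assessor following later guidance may wish to treat it as a failure as well.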

Conformance Criteria (3)

FIPS-140-Cryptography-XML

Cryptographic modules that provide encryption and/or digital signatures for XML signing and encryption SHALL conform to FIPS 140-2.

Citations
NIST-CMVP
FIPS-140-2

FIPS-140-Cryptography-TLS

Cryptographic modules that provide encryption and/or digital signatures for TLS implementations SHALL conform to FIPS 140-2.

Citations
FIPS-140-2
NIST-CMVP

FIPS-140-Cryptography-TLS-Algorithms

TLS connections SHALL only support cryptographic algorithms that conform to FIPS 140-2.

Citations
FIPS-140-2
NIST-CMVP

Metadata

Publication Date: 2017-05-18
Trustmark Reference Attribute: https://artifacts.trustmarkinitiative.org/lib/trustmark-definitions/fips-140-2-validated-crypto-modules/1.0//trustmark-reference/
Issuing Organization: No Responder, support@trustmarkinitiative.org, 404-407-8956, 75 5th Street NW, Suite 900, Atlanta, GA 30308
Keywords: FIPS 140-2, FICAM, Validated Cryptographic Module, TLS, SHA, AES, XML
Supersedes:
Issuance Criteria: yes(ALL)
Assessment Step Preface:
Assessment Steps:
Target Stakeholder: Organizations and relying parties concerned about FIPS 140-2 compliance.
Target Recipient: Organizations that desire to provide and/or consume FIPS 140-2 compliant services.
Target Relying Party: Relying parties that require FIPS 140-2 compliance.
Target Provider: Trustmark Providers that evaluate organizations for FIPS 140-2 compliance.
Provider Eligibility Criteria: Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
Assessor Qualifications: Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
Trustmark Revocation Criteria: For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
Extension Description: This Trustmark Definition requires no extension data.
Legal Notice: This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Sources (2)

Terms (3)

Term Name / Abbreviation: Definition
FIPS: Federal Information Processing Standard
NIST: National Institute of Standards and Technology
XML: Extensible Markup Language
