M+ Secure features FIPS 140-2 VALIDATED Cryptographic Modules and Certified FIPS 197 Encryption Algorithms.
NIST Sets High Standards for Cryptographic Module Security Implementation
Data at Rest (DAR) security has quickly become a critical function in the deployment of Data Storage Devices.
C.O.T.S. storage vendors use terms such as Self-Encrypted Drive (SED), Full-Disk Encryption (FDE) and Advanced Encryption Standard (AES) in their device specifications to claim compliance with DAR security requirements. Is this enough?
The US and other governments say NO. The US and Canadian authorities have set a higher security benchmark by defining the Federal Information Processing Standards (FIPS) Publication 140-2 (FIPS 140-2), the standard that defines design, implementation and operation requirements for a cryptographic module.
The FIPS 140-2 benchmark is so high that only a few SSD manufacturers have been able to successfully complete FIPS 140-2 validation. FIPS 140-2 not only validates the encryption engine itself, it also takes a much broader and more complex look at the module's existing ports and interfaces. It evaluates the internal states of the module from a security standpoint. It checks how random the “random number generator” really is, how good the authentication algorithm is, and how the cryptographic keys are created, managed and protected. It also includes a self-test requirement to make sure that the module verifies in real time that all security components are still operating as they were validated. Tamper-evident or anti-tamper construction is required. A number of underlying technologies require separate NIST certifications, which are prerequisites to FIPS 140-2 validation. Notably, the FIPS-197 process certifies the suitability of the encryption algorithm.
FIPS 140-2 Validated vs. ‘Compliant’ vs. ‘Eligible’ vs. ‘Designed to Meet’
“FIPS validated” is the only phrase that describes acceptance by NIST of a fully tested module. “FIPS compliant”, “FIPS Eligible” and “Designed to Meet” are merely marketing terms that create confusion.
MEMKOR FIPS-197 Certified Encryption Algorithm
All Memkor PCIe/NVMe SSDs and the latest-generation SATA SSDs, regardless of form factor and capacity, use a FIPS-197 certified hardware encryption algorithm. The encryption can be managed using either the TCG OPAL scheme or the ATA/NVMe command set.
MEMKOR FIPS-197 Certificates #C1408 and #C1414
MEMKOR FIPS 140-2 Validated MKD-O2F Cryptographic Modules
The MEMKOR MKD-O2F family of cryptographic modules, validated to FIPS 140-2 Level 2, spans our 30gRMS ruggedized BLACK Series and 16.3gRMS high-performance ORANGE Series SSDs. The modules are available in a broad spectrum of form factors, including 2.5” SATA and PCIe/NVMe, or M.2 SATA, with capacities ranging from 250GB to 4TB.
Link to NIST.gov for MEMKOR FIPS 140-2 Certificate #3750
The validated MKD-O2F FIPS 140-2 set of solutions is already embedded in other MEMKOR models, which can be easily ported to other form factors or capacities with a low-risk, expedited validation path. Contact us for more details.