Data at Rest Protection

FIPS 140-2 Validated Cryptographic Modules1

Certified FIPS 197 Encryption Algorithms


NIST Sets High Standards for Cryptographic Module Security Implementation

Data at Rest (DAR) security has quickly become a critical function in the deployment of Data Storage Devices.

The COTS storage vendors use terminologies such as Self-Encrypted Drive (SED) or Full-Disk Encryption (FDE), as well as Advanced Encryption Standard (AES) in the device specifications to claim compliance with DAR security requirements. Is this enough?

USA and other governments say no. The US and Canadian authorities have set a higher security benchmark by defining the Federal Information Processing Standards FIPS Publication 140-2 (FIPS 140-2)1, the standard for defining design, implementation and operation requirements for a cryptographic module.

The FIPS 140-2 benchmark is so high that only a few SSD manufacturers have been able to successfully complete FIPS 140-2 validation. The FIPS 140-2 not only validates the encryption engine itself, but it also considers a much broader and more complex way of looking into existing ports and interfaces. It evaluates internal states of the module from a security standpoint. It checks how random the “random number generator” is: how good the authentication algorithm is: and assesses how the Cryptographic Keys are created, managed and protected. It also includes a self-test requirement to make sure that the module verifies in real-time that all security components are still operating as they were validated and requires tamper evident or anti-tamper construction. A number of underlying technologies require a separate NIST certifications and are pre-requisites to FIPS 140-2 validation. Notably, FIPS-197 process certifies the suitability of the encryption algorithm.

FIPS 140-2 Validated vs. ‘Compliant’ vs. ‘Eligible’ vs. ‘Designed to Meet’

“FIPS validated” is the only phrase that describes acceptance by NIST of a fully tested module. “FIPS compliant”, “FIPS Eligible” or “Designed to Meet” are merely marketing terms of confusion.

Memkor FIPS-197 Certified Encryption Algorithm

All Memkor PCIe/NVMe SSDs and the latest generation SATA SSDs, regardless of the form factor and capacity, use FIPS-197 certified hardware encryption algorithm. The encryption can be managed using either TCG OPAL scheme or ATA/NVMe command set. Please contact Memkor for more details.

Memkor FIPS 140-2 Validated MKD-O2F Cryptographic Modules

Memkor MKD-O2F family of cryptographic modules span across our 30gRMS ruggedized BLACK Series and 16.3gRMS high performance ORANGE Series SSDs. They are validated to FIPS 140-2 Level 2 and includes 2.5” SATA and PCIe/NVMe as well as M.2 SATA form factors with capacities from 250GB to 4TB.

The validated MKD-O2F FIPS 140-2 set of solutions are already embedded in other MEMKOR models which can be easily ported to other form factors or capacities with a low risk, expedited validation path.


Form Factor Series Capacity Range [GB] I/F Read [MB/s] Write [MB/s] GRMS Security (Validated)
 2.5"
ORANGE  32 - 4,096 SATA  450-550   60-520  16.3 FIPS 197, FIPS 140-2¹
 2.5"  BLUE² 32 - 4,096
SATA    520-550 500-520   16.3  FIPS 197
 2.5"  BLACK  32 -  2,048 SATA    450-550 80-500   30.0  FIPS 197
 mSATA ORANGE   32 - 512  SATA   400-500 150-350  3.0   FIPS 197
 1.8" ORANGE  32 -  2,048   SATA  250-550  80-500   16.3  FIPS 197
 M.2 2260  ORANGE  128 -  512  SATA  450-500  300-500   3.0  FIPS 197
 M.2 2280 ORANGE   32 -  1,024  SATA  450-500   80-350  2.0 FIPS 197, FIPS 140-2¹ 
 M.2 2280 BLUE²   2,048 -  4,092  SATA  450-550   450-520  2.0 FIPS 197 
 M.2 22110  ORANGE  1,024 - 2,048  SATA  450-550  450-520  2.0   FIPS 197
3U VPX   BLUE  1,024 - 8,192  SATA  450-550  450-520   2.5  FIPS 197, FIPS 140-2¹
U.2/2.5"   ORANGE  512 - 4,096 PCIe/NVMe  600-1200  1100-1200  16.3   FIPS 197, FIPS 140-2¹
 U.2/2.5"  BLUE²  8,192 - 16,384  PCIe/NVMe 1000-1200  1100-1200   16.3 FIPS 197 
 U.2/2.5"  BLACK  32 - 2,048 PCIe/NVMe   600-1200 800-1200   30.0 FIPS 197 
 M.2 2280  ORANGE 128 - 512  PCIe/NVMe   800-1000 300-600   2.0  FIPS 197
 M.2 2280  BLUE²  1,024 - 4,092 PCIe/NVMe  900-1200  800-1000   2.0  FIPS 197
 M.2 22110  ORANGE 1,024 - 2,048   PCIe/NVMe  900-1200 800-1000  2.0   FIPS 197
3U VPX   BLUE  1,024 - 8,192  PCIe/NVMe 900-1200  800-1000  2.5   FIPS 197, FIPS 140-2¹

(1) Selected models and capacities completed the testing and are on the Module in Process List for FIPS 140-2.

(2) SSD has an increased height compared to the standard to provide more capacity.


ORANGE, BLUE and BLACK Series Self-Encrypted Drives (SED)

Memkor Orange Series SATA SSDs consists of a broad range of SSD solutions with FIPS-140-21 and/or FIPS-197 validated self-encrypted drive technology built-into the hardware and encompassing 1.8”, 2.5”, mSATA (MO-300B), M.2 and other form factors with SATA interface with performances up to 550MB/s and 80,000 IOps.

The implementation of all Memkor Orange Series modules relies on Memkor MKD-O2F cryptographic module and is either FIPS 140-21 or FIPS 197 validated.

The superior ruggedization of the ORANGE Series comply with a wide range of deployments in portable computers, desktops, data recorders, or servers. To address the on-going segmentation of the SSD application requirements, a number of security features, performance and power consumption options are offered.

Memkor Orange Series PCIe/NVMe SSDs consisting of FIPS 140-21 and/or FIPS-197 validated 2.5”/U.2 and M.2 SSDs with PCIe/NVMe interface. The PCIe/NVMe allows to scale the performance up to 1,200MB/s and 200,000 IOps.

The implementation of all Memkor Orange Series modules relies on Memkor MKD-O2F cryptographic module and is either FIPS 140-21 or FIPS 197 validated.

The superior ruggedization of the ORANGE Series comply with a wide range of deployments in portable computers, desktops, data recorders, or servers. To address the on-going segmentation of the SSD application requirements, a number of security features, performance and power consumption options are offered.

Memkor Blue Series SSDs are geared towards high performance data recorders and servers requiring highest capacity per SATA/PCIe port.

Memkor Blue Series SSDs extend the capabilities and feature set, including security features of the Orange Series SSDs to the increased height 2.5”, M.2 and special form factors in order to maximize the capacity. This increases capacity up to 16,384GB in 2.5” and up to 4,096GB in M.2 SATA or PCIe/NVMe drives. Memkor BLUE Series with PCIe interface provides an outstanding sustained read/write performance of up to 1,200MB/s and 200,000 IOps. The superior ruggedization of the BLUE Series address a broad range of Defense and Enterprise markets. To address the on-going segmentation of the SSD application requirements, a number of security features, performance and power consumption options are offered.

The implementation of all Memkor Blue Series modules relies on Memkor MKD-O2F cryptographic module and is FIPS 197 validated.

Memkor BLACK Series SSDs with the innovative mechanical design and special Bill of Material (BOM) display exceptional resilience to the most extreme shock and vibration levels defined in the MIL-STD-810G standard. With a capacity ranging from 16GB to 1024GB using either MLC or SLC NAND, featuring Write Protect, Data Elimination and optional highly ruggedized HiVibe(C) SATA connector, the BLACK Series considerably expands the deployment flexibility of the Memkor family of SSD’s.

The implementation of all Memkor Black Series modules relies on Memkor MKD-O2F cryptographic module and is either FIPS 140-21 or FIPS 197 validated. Contact us for more information.