Data at Rest Protected by FIPS 140-2 Validated Cryptographic Modules1
High Security Benchmark
Data at rest security has quickly become a required importance in the deployment of Data Storage Devices. COTS vendors typically utilize Self-Encrypted Drive (SED) or Full-Disk Encryption (FDE), as well as Advanced Encryption Standard (AES) in their storage device specifications as a yardstick that aims to satisfy the user about their data at rest security. But is this enough?
USA and other governments say NO. The US and Canadian authorities have set a higher security benchmark by defining the Federal Information Processing Standards FIPS Publication 140-2 (FIPS 140-2)1, the standard for defining design, implementation and operation requirements for a cryptographic module.
The FIPS 140-2 benchmark is so high that only a few SSD manufacturers have been able to successfully complete FIPS 140-2 validation. The FIPS 140-2 not only validates the encryption engine itself, It also considers a much broader and more complex way by looking into all existing ports and interfaces, evaluating internal states of the module from security standpoint, checking how random is your “random number generator”, how good is your authentication algorithm and assessing how the Cryptographic Keys are created, managed and protected. It also includes a self-test requirement to make sure that the module verifies in real-time that all security components are still operating as they were validated and requires tamper evident or anti-tamper construction.
FIPS 140-2 Validated vs. ‘Compliant’ vs. ‘Eligible’ vs. ‘Designed to Meet’
“FIPS validated” is the ONLY phrase that describes acceptance by NIST of a fully tested module. “FIPS compliant”, “FIPS Eligible” or “Designed to Meet” are merely marketing terms of confusion.
Memkor MKD-O2F Cryptographic Modules
Memkor MKD-O2F family of cryptographic modules span across our 30gRMS ruggedized BLACK Series and 16.3gRMS high performance ORANGE Series SSDs. They are validated to FIPS 140-2 Level 2 and includes 2.5” SATA and PCIe/NVMe as well as M.2 SATA form factors with capacities from 250GB to 4TB.
The validated MKD-O2F FIPS 140-2 set of solutions are already embedded in other MEMKOR models which can be easily ported to other form factors or capacities with a low risk, expedited validation path.
ORANGE, BLUE and BLACK Series Self-Encrypted Drives (SED)
Memkor Orange Series SSDs consists of a broad range of SSD solutions designed as drop-in replacements for traditional mechanical SATA 1.8”, 2.5” and 3.5” drives, as well as newer standards such as mSATA (MO-300B) and M.2 (formerly NGFFThe PCIe/NVMe interface on the 2.5” (U.2) form factor allows to scale the performance up to 1,200MB/s and 200,000 IOps.
The implementation of all Memkor Orange Series modules relies on Memkor MKD-O2F cryptographic module and is either FIPS 140-2 or FIPS 197 validated.1
The superior ruggedization of the ORANGE Series comply with a wide range of deployments in portable computers, desktops, data recorders, or servers. Addressing the on-going segmentation of the SSD application requirements, a number of security features, performance and power consumption options are offered.
Memkor Blue Series SSDs are geared towards high performance data recorders and servers requiring highest capacity per SATA/PCIe port.
Memkor Blue Series SSDs extend the capabilities and feature set of the Orange Series SSDs to the increased height 2.5” form factor in order to scale the capacity to 8192GB (MLC NAND) in 0.602” (15.3mm) or up to 12 TB if other special form factors can be supported. Memkor BLUE Series with PCIe interface provides an outstanding sustained read/write performance of up to 1,200MB/s and 200,000 IOps. The superior ruggedization of the BLUE Series address a broad range of Defense and Enterprise markets. Addressing the on-going segmentation of the SSD application requirements, a number of security features, performance and power consumption options are offered.
The implementation of all Memkor Blue Series modules relies on Memkor MKD-O2F cryptographic module and is FIPS 197 validated.1
Memkor BLACK Series SSDs with the innovative mechanical design achieve exceptional resistance to the most extreme shock and vibration levels defined in the MIL-STD-810G standard. With a capacity ranging from 16GB to 1024GB using either MLC or SLC NAND, featuring Write Protect, Data Elimination and optional highly ruggedized HiVibe(C) SATA connector, the BLACK Series considerably expands the deployment flexibility of the Memkor family of SSD’s.
The implementation of all Memkor Black Series modules relies on Memkor MKD-O2F cryptographic module and is either FIPS 140-2 or FIPS 1971 validated. Contact us for more information.
(1) Modules In Process List, https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Modules-In-Process/Modules-In-Process-List