If you work in government or a regulated industry, you’ve no doubt heard of the Federal Information Processing Standards, perhaps better known by the acronym FIPS. FIPS is a very broad set of standards publications, but in the software industry the term usually refers to the publication specifically about cryptography, FIPS 140-2 Security Requirements for Cryptographic Modules. FIPS 140-2 is a product of the joint effort between the United States and Canada called the Cryptographic Module Validation Program. It standardizes the testing and certification of cryptographic modules that are accepted by the federal agencies of both countries for the protection of sensitive information.
FIPS 140-2 defines four security levels (1–4) which correlate to the level of protection a FIPS‑certified module must provide.
The consequences of processing sensitive information in a non‑compliant fashion can be severe. At best, it can mean the loss of a valuable contract with an organization that requires FIPS compliance, such as the U.S. federal government. At worst, it can lead to theft of personal information or national security documents. Although FIPS 140-2 is a North American government certification, it has become a global cryptographic baseline for: