8.0About FIPS

The Federal Information Processing Standard (FIPS) Publication 140-2, FIPS PUB 140-2, is a U.S. govern- ment computer security standard used to accredit cryptographic modules. It is titled “Security Requirements for Cryptographic Modules”. The initial publication was on May 25, 2001 and was last updated December 3, 2002.

Purpose

The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordi- nate the requirements and standards for cryptography modules that include both hardware and software com- ponents.

Federal Information Processing Standard (FIPS) 140-2 Level 2 Certification requires drives to go through gov- ernment agencies certifications to add requirements for physical tamper-evidence and role-based authentica- tion.

Level 2 security

Level 2 improves upon the physical security mechanisms of a Level 1 (lowest level of security) cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.

Figure 10. Example of FIPS tamper evidence labels.

Note. Does not represent actual drive.

36

Savvio 15K.3 SAS Product Manual, Rev. A

Page 44
Image 44
Seagate ST9300453SS, ST9300653SS, ST9300553SS, ST9146753SS, ST9146853SS, ST9146653SS About Fips, Purpose, Level 2 security