At the sixth annual International Cryptographic Module Conference in Ottawa, Ontario, Canada (May 8-11), Mark and Steve of KeyPair Consulting are contributing the following talks:
“FIPS 140-2 Inside” – You’re (Probably) Doing It Wrong – Wednesday, May 9 at 11:45am, Mark Minnoch
A product may satisfy FIPS 140-2 requirements by incorporating a validated cryptographic module, a strategy called “FIPS 140-2 Inside.” How do vendors responsibly integrate cryptographic functionality into their product to achieve the intent of “FIPS 140-2 Inside”?
During this session, you will gain a firm understanding in…
- The benefits of a “FIPS 140-2 Inside” strategy
- What Federal Agencies need
- Best practices
Realigning (Not Re-Inventing!) The Wheel: Applying a Composition Model to FIPS 140-2 Validation – Thursday, May 10 at 4:00pm, Steve Weymann
Several assurance schemes employ a composition model – combining validated elements into a larger whole – to assurance and validation processes to reduce repetitive work and streamline processes.
Current FIPS 140-2 practice permits a module under validation to incorporate existing validated modules by reference, although the guidelines for this are currently not formalized in Implementation Guidance. This presentation reviews existing validations of this type; explores how module vendors or agencies can make use of this practice as it exists today; and posits formal guidelines and extensions for a composition model to benefit validation program stakeholders.
KeyPair Consulting provides expert guidance to meet your FIPS 140-2 goals