Protecting Data with Controller-Based Encryption, Part 3

Author: Kevin BurbankFIPS

What you need to know before submitting a cryptographic module for FIPS validation.

My first post gave an overview of the FIPS validation process.  The second post explored the FIPS 140-2 validation levels and their requirements.

This final post will cover some other things to keep in mind when submitting a cryptographic module for FIPS validation.

Customer Guidance
There are a number of steps to complete if you are developing a cryptographic module for FIPS validation. At a high level, these steps include:

  1. Contracting with a FIPS 140 Cryptographic and Security Testing (CST) laboratory.
  2. Defining a cryptographic boundary and ensuring it meets FIPS 140-2 requirements.
  3. Implementing mechanisms to meet Physical Security requirements.

Additionally, you may also wish to contract with a consultant to write documentation and provide ongoing design assistance.

Crypto Boundary
Defining the cryptographic boundary is a crucial step because it sets the requirements that must be met in the evaluation. There is no one-size-fits-all method for defining the boundary, but here are some best practices:

  1. Follow precedent: For many validations, the cryptographic boundary will be defined by precedent. For example, the boundary for hardware appliances (VPN routers, etc.) is typically drawn at the appliance casing. The boundary for line cards and other modules embedded into a host typically encompasses all or part of the line card.
  2. Refine as necessary: You can fine-tune your cryptographic boundaries to meet the requirements. On a line card, for example, you can exclude the parts of the board that have no cryptographic relevance.
  3. Understand technical implications: In defining the boundary, you should be aware of the impacts of the requirements, especially in the areas of Key Management, Self-Tests, and Physical Security.

Physical Security
Speaking of Physical Security, the requirements at Levels 2 and 3 can be a significant challenge because you will need to incorporate mechanisms that protect the specified cryptographic boundary, including opacity and tamper evidence at Level 2, and tamper response at Level 3.

Controller-Based Encryption designed into array controllers is a very effective way to meet data security requirements. The array controller is the ideal encryption location since the I/O controllers within the array controller are natural aggregation points for all data. Importantly, this location requires no additional CPU or system memory from the host to achieve line rate encryption.  Add some careful planning and resource allocation, and you are well on your way toward successful FIPS validation.

For more information on the FIPS 140-2 validation process, I invite you to download the PMC Whitepaper, “FIPS Certification of Controller Based Encryption”.

This entry was posted by Carol Whitmarsh on at and is filed under Encryption. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.