FIPS Compliance

Compliance is a primary consideration for the enterprise. From privacy to corporate governance to business practices and standards, regulation impacts so many aspects of corporate activity that it is a challenge for businesses just to keep up. Many organizations, such as those in the healthcare and financial sectors, are subject to so many types of regulation on so many levels, that selection of IT infrastructure – with both the flexibility and security to fully meet requirements – has become crucially important. As such, Array products and solutions are designed to both enable and maintain compliance across a broad range of industry and governmental regulations.

Federal Information Processing Standards (FIPS) Compliance

Federal Information Processing Standard 140-2 (FIPS 140-2) is a standard that describes US federal government requirements that IT products should meet for sensitive, but unclassified (SBU) use. The standard was published by the National Institute of Standards and Technology (NIST), has been adopted by the Canadian government’s Communication Security Establishment (CSE), and is likely to be adopted by the financial community through the American National Standards Institute (ANSI).

The standard defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. There are four levels of security: from the lowest Level 1 to the highest Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be deployed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC) and self-testing.