Product details:

ISBN13:	9798868801242
ISBN10:	8868801248
Binding:	Paperback
No. of pages:	213 pages
Size:	254x178 mm
Language:	English
Illustrations:	59 Illustrations, black & white
699

Category:

System analysis, system planning

Data management in computer systems

Privacy, data security

System analysis, system planning (charity campaign)

Data management in computer systems (charity campaign)

Privacy, data security (charity campaign)

Designing to FIPS-140

A Guide for Engineers and Programmers

Johnston, David; Fant, Richard;

Edition number: 1st ed.

Publisher: Apress

Date of Publication: 26 April 2024

Number of Volumes: 1 pieces, Book

Normal price:

Publisher's listprice:
EUR 64.19

Estimated price in HUF:
26 488 HUF (25 226 HUF + 5% VAT)
Why estimated?

Your price:

21 190 (20 181 HUF + 5% VAT )

discount is: 20% (approx 5 298 HUF off)

Discount is valid until: 30 June 2024

The discount is only available for 'Alert of Favourite Topics' newsletter recipients.
Click here to subscribe.

Availability:

Not yet published.

Add to wishlist

What is wishlist?

Short description:

This book provides detailed and practical information for practitioners to understand why they should choose certification. It covers the pros and cons, and shows how to design to comply with the specifications (FIPS-140, SP800 documents, and related international specs such as AIS31, GM/T-0005-2021, etc.). It also covers how to perform compliance testing. By the end of the book, you will know how to interact with accredited certification labs and with related industry forums (CMUF, ICMC). In short, the book covers everything you need to know to make sound designs.
There is a process for FIPS-140 (Federal Information Processing Standard) certification for cryptographic products sold to the US government. And there are parallel certifications in other countries, resulting in a non-trivial and complex process. A large market of companies has grown to help companies navigate the FIPS-140 certification process. And there are accredited certification labs you must contract to get the certification.
Although this was once a fairly niche topic, it is no longer so. Other industries?banking, military, healthcare, air travel, and more?have adopted FIPS certification for cryptographic products. The demand for these services has grown exponentially. Still, the available skills pool has not grown. Many people are working on products with zero usable information on what to do to meet these standards and achieve certification or even understand if such certification applies to their products.
What You Will Learn
What is FIPS-140? What is the SP800 standard?
What is certification? What does it look like? What is it suitable for?
What is NIST? What does it do?
What do accredited certification labs do?
What do certification consultants do?
Where and when is certification required?
What do FIPS-140 modules look like?
What are the sub-components of FIPS-140 modules (RNGs, PUFs, crypto functions)? How does certification work for them?
What are the physical primitives (RNGs, PUFs, key stores) and how do you handle the additional complexity of certifying them under FIPS?
What are the compliance algorithms (AES, SP800-90 algos, SHA, ECDSA, key agreement, etc.)?
How do you design for certification (BIST, startup tests, secure boundaries, test access, zeroization, etc.)?
How do you get CAVP certificates (cert houses, ACVTs)?
How do you get CMVP certifications (cert houses, required documents, design information, security policy, etc.)?

Long description:

This book provides detailed and practical information for practitioners to understand why they should choose certification. It covers the pros and cons, and shows how to design to comply with the specifications (FIPS-140, SP800 documents, and related international specs such as AIS31, GM/T-0005-2021, etc.). It also covers how to perform compliance testing. By the end of the book, you will know how to interact with accredited certification labs and with related industry forums (CMUF, ICMC). In short, the book covers everything you need to know to make sound designs.

There is a process for FIPS-140 (Federal Information Processing Standard) certification for cryptographic products sold to the US government. And there are parallel certifications in other countries, resulting in a non-trivial and complex process. A large market of companies has grown to help companies navigate the FIPS-140 certification process. And there are accredited certification labs you must contract toget the certification.

Although this was once a fairly niche topic, it is no longer so. Other industries?banking, military, healthcare, air travel, and more?have adopted FIPS certification for cryptographic products. The demand for these services has grown exponentially. Still, the available skills pool has not grown. Many people are working on products with zero usable information on what to do to meet these standards and achieve certification or even understand if such certification applies to their products.

What You Will Learn

What is FIPS-140? What is the SP800 standard?
What is certification? What does it look like? What is it suitable for?
What is NIST? What does it do?
What do accredited certification labs do?
What do certification consultants do?
Where and when is certification required?
What do FIPS-140 modules look like?
What are the sub-components of FIPS-140 modules (RNGs, PUFs, crypto functions)? How does certification work for them?
What are the physical primitives (RNGs, PUFs, key stores) and how do you handle the additional complexity of certifying them under FIPS?
What are the compliance algorithms (AES, SP800-90 algos, SHA, ECDSA, key agreement, etc.)?
How do you design for certification (BIST, startup tests, secure boundaries, test access, zeroization, etc.)?
How do you get CAVP certificates (cert houses, ACVTs)?
How do you get CMVP certifications (cert houses, required documents, design information, security policy, etc.)?

Who This Book Is For

Hardware and software engineers or managers of engineering programs that include any form of cryptographic functionality, including silicon vendors, library vendors, OS vendors, and system integrators

Table of Contents:

Chapter 1: FIPS140.- Chapter 2: FIPS Technical Details.- Chapter 3: Security Levels (1,2,3,4).- Chapter 4: Subordinate Specs.- Chapter 5: Working with Accredited Certification Labs.- Chapter 6: Documentation Requirements.- Chapter 7: Algorithm Validation.- Chapter 8: Industry Forums.