Encryption is paramount to providing integrity and confidentiality to protect our federal customers' data. There are many different cryptographic algorithms (such as block cipher, symmetric and asymmetric algorithms) that are available that can encrypt and convert data into unreadable ciphertext. The method to do this must be secure. Being Federal Information Processing Standard (FIPS) validated ensures that the encryption methods used have been independently reviewed and tested before being deployed. FIPS approved algorithms, to include the transition to the new FIPS 140-3 requirements, have endured extensive security analysis and are continually tested to ensure that they will provide adequate security.

The FIPS 140-3 timeline

The FIPS 140-3 standard supersedes FIPS 140-2, and it became effective September 22, 2019. Validation efforts under FIPS 140-3 began in September 2020.  FIPS 140-3 covers a multitude of vulnerabilities and threats defining security requirements for Cisco from initial design to operational deployment. On April 1, 2021, The Cryptographic Module Validation Program (CMVP) no longer accepted FIPS 140-2 submissions for new validation certificates and validation ended for FIPS 140-2 on September 22, 2021. These FIPS 140-2 modules can remain active until September 21, 2026, then will be moved to the Historical List. Customers can purchase off the Historical List and use the FIPS 140-2 modules for existing applications only. You can can find more here at NIST.

Cisco has several FIPS 140-3 validations in process and will continue to move the portfolio of FIPS 140-2 validations to FIPS 140-3 over the next several years.

Cisco's Global Certification and Common Security Modules Team has implemented an innovative approach to expedite FIPS certifications. They have developed a crypto module that is already FIPS-validated and can be embedded in Cisco products. It is important to note that the crypto module is already FIPS-validated, so the Cisco product utilizing it can claim compliance to FIPS 140.

What is a cryptographic module?

A cryptographic module is a software or hardware device/component that performs cryptographic operations securely implementing the cryptographic logic and processes that support the security functions in a computer or electronic system. The National Institute of Standards and Technology (NIST) notes that the areas covered, related to the secure design and implementation of a cryptographic module, include:

• Specification
• Ports and Interfaces
• Roles
• Services
• Authentication
• Finite State Module
• Physical Security
• Operational Environment
• Cryptographic Key Management
• Electromagnetic Interference/Electromagnetic Compatibility
• Self-Tests
• Design Assurance and,
• Mitigation of other Attacks.

Cryptographic Modules that conform to FIPS employ approved security functions such as cryptographic algorithms, cryptographic key management techniques, and authentication techniques.

Understanding FIPS 140-2

The FIPS 140-2 standard stipulates the security requirements needed by a cryptographic module. In a nut shell, FIPS 140-2 is a computer security cryptography standard utilized by the United States Federal Government when cryptographic-based security systems and telecommunication systems are used to provide protection of sensitive but unclassified data as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106. Cisco is required to meet this standard to be able to sell its products into federal agencies such as the Intelligence Community and Department of Defense.

Protecting cryptographic modules is necessary to maintain the confidentiality and integrity of the information that is being protected. The FIPS 140-2 standard bears four levels of increasing security:

1. Security Level 1: Provides basic security requirements for a cryptographic module. Level 1 must have at least one approved algorithm or approved security function. No specific physical security mechanisms are required.
2. Security Level 2: Enhances the physical security mechanisms of a Security Level 1 cryptographic module by adding the requirement of tamper-evidence (coatings or seals or pick resistant. Locks on removable covers or doors of the module). This level also requires role-based authentication in which a cryptographic module authenticator allows the authorization of an operator to assume a specific role.  The system must also be evaluated at the Common Criteria evaluation assurance level EAL2 or higher.
3. Security Level 3: In addition to the tamper-evident physical security mechanisms required at Level 2, Security Level 3 requirements prevent an intruder from gaining access to the critical security parameters (CSPs) held within the cryptographic module. Physical security mechanisms at this level can detect and respond to physical access, use, or modification. This level also requires identity-based authentication mechanisms which enhances the security provided by level 2 role-based authentication mechanisms. The system must also be evaluated at the Common Criteria evaluation assurance level EAL3 or higher.
4. Security Level 4: This level provides the highest level of security defined in FIPS 140-2. The physical security mechanisms must provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access. This level also protects the cryptographic module against environmental conditions or variations of normal operating ranges of voltage and temperature. Intentional junkets beyond the normal operating ranges may be used by an attacker to circumvent a cryptographic modules defense. The system must also be evaluated at the Common Criteria evaluation assurance level EAL4 or higher.

FIPS 140-2 and FIPS 140-3 differentiation

NIST notes that the new FIPS 140-3 introduces some significant changes from FIPS 140-2. For example, rather than encompassing the module requirements directly, FIPS 140-3 references ISO/IEC 19790:2012. NIST also notes that the testing for these ISO/IEC 19790:2012 requirements will be outlined with ISO/IEC 24759:2017.

NIST goes on to say that there are few major technical requirement changes from FIPS 140-2 to FIPS 140-3, but the usage of these ISO documents requires procedural changes in the management and execution of the validation program and process. FIPS 140-2 to FIPS 140-3 differentiation is as follows:

• When FIPS 140-2 was first written, encryption modules were all hardware modules. Over time however, different types of modules were created (e.g., software and firmware modules, as well as hybrid modules). The new FIPS 140-3 standard will include hardware modules, software modules, hybrid-software modules, and hybrid firmware modules.
• FIPS 140-2 also restricted hybrid modules to only a FIPS 140-2 Level 1 validation certification. FIPS 140-3 does not have this restriction, now a hybrid module can be validated at any level in the new standard.
• FIPS 140-2 required that a module support the following roles: user role, crypto officer role, and a maintenance role (this role was optional). The FIPS 140-3 standard still has these three roles, but the crypto officer role is the only one that is required. Both the user role and the maintenance role are optional in FIPS 140-3.
• Within ISO 19790 the FIPS 140-3 standard is like the FIPS 140-2 standard where Level 1 has no authentication requirements, level 2 has minimum role-based authentication, and level 3 has identity-based authentication. The difference now is that FIPS 140-3 level 4 authentication requires multi-factor identity.

Additional resources on FIPS 140-3

• Cisco FIPS validated crypto modules
• National Institute of Standards and Technology (NIST) Computer Security Resource Center
• Cisco and Government Certifications
• NIST FIPS 140-3 Transition Effort
• NIST Special Publication 800-131A Revision 2, Transitioning the Use of Cryptographic Algorithms and Key Lengths