Hardware Security ModuleWhat is a Hardware Security Module (HSM)?How a Hardware Security Module (HSM) works?How are keys and other sensitive data stored and managed in an HSM?What are the compliance standards that an HSM must meet?What is HSM SaaS?How does HSM SaaS differ from physical HSMs?How does an HSM SaaS protect against tampering and unauthorized access in a cloud environment?What are the benefits of using HSM SaaS?How does HSM SaaS ensure the security of sensitive data?Can HSM SaaS be used with existing systems and processes?How does HSM SaaS ensure the availability and reliability of sensitive data?Who can benefit from using HSM SaaS?What is FIPS 140-2 Level 3 HSM
Key & Secrets ManagementWhat is Encryption Key Management?What is Secrets Management? What is a Centralized Key Management System? What is Bring Your Own Key (BYOK)? What is a Credentials Management System? What is Key Management Interoperability Protocol (KMIP)? What is a Symmetric Key? What is an Asymmetric Key? What is Key Lifecycle Management?
Multi-Cloud Data SecurityHow do I move my existing data security controls from On-Prem to the Cloud? How do I protect data as I move and store it in the Cloud? How do I ensure the cloud provider does not access my data?Can I use my encryption keys in the Cloud?How do I enforce data residency policies in the Cloud and comply with GDPR? How do I track and monitor data access and usage in the Cloud? Can I secure containers in the cloud or across different clouds? What is the Shared Security Model? What is multi-cloud key management?
Google External Key Manager Service (EKM)What is Google Cloud’s External Key Manager Service?How does Google Cloud’s External Key Manager work?What are the benefits of Key provenance in Google EKM? What are the benefits of Key centralization in Google EKM?What are the benefits of Key control in Google EKM?How Do You Decide When and How Can Your Data Be Decrypted? What are the requirements when implementing External Key Management? What are the Service integrations and technical considerations in Google EKMWhich GCP services are supported by Fortanix DSM? How Is Google EKM Available with Fortanix Integration? How does international data transfer from Europe work with Fortanix?
AWS External Key StoreWhat is the AWS KMS eXternal Key Store (XKS) service? How does AWS XKS with Fortanix DSM work? What are the benefits of AWS XKS and Fortanix Integration?What are the benefits of Key provenance in AWS XKS?What are the benefits of Key centralization in AWS XKS?What are the benefits of Key control in AWS XKS?Which AWS cloud services are supported by AWS KMS External Key Store? How can AWS XKS integrate with Fortanix DSM? How does international data transfer from Europe work with Fortanix? How does Fortanix DSM as XKS affect KMS service reliability and performance? What is the latency of the XKS service offered by DSM SaaS? Do AWS Services cache Data Encryption Keys serve by AWS KMS? For how long?
Code Signing, Certificates, StampingWhat is a Digital Certificate?What is a Certificate Authority?What is Code Signing?What is a Digital Signature?What is Time Stamping?
Public Key InfrastructureWhat is PKI?What is the role of Certificate Authorities (CAs)?What is certification authority or root private key theft? What is inadequate separation (segregation) of duties for PKIs? What is insufficient scalability in a PKI?What is a subversion of online certificate validation?What is a lack of trust and non-repudiation in a PKI?
EncryptionWhat is Storage Encryption?What is Network Encryption?What is Transparent Encryption?What is End-to-End Encryption?What is Point-to-Point Encryption?What is Application Layer Encryption?What is Tokenization?What is Dynamic Masking?What is Data at Rest?What is Full-Disk Encryption (FDE) and What are Self-Encrypting Drives (SED)?What is data center interconnect (DCI) layer 2 encryption?
Zero Trust ArchitectureWhat is Zero Trust Architecture in data security?Why are traditional approaches to protecting data not effective anymore?According to NIST, what are the key principles of Zero Trust Architecture?What are some popular ways of implementing Zero Trust Architecture?What are the considerations when implementing Zero Trust cryptography?Why do you need Zero Trust security in the cloud? How does Zero Trust Architecture solve today's challenges in cloud security?How does confidential computing enhance Zero Trust?
Confidential ComputingWhat is Confidential Computing?What are the origins Of Confidential Computing?What companies are driving the adoption of Confidential Computing?How does Confidential Computing protect data?What are the benefits of using Confidential Computing?How does Confidential Computing help with regulatory compliance requirements?Who Needs Confidential Computing?What are some examples of Confidential Computing use cases?
What is FIPS 140-2 Level 3 HSM
(Federal Information Processing Standard) FIPS 140-2 Level 3 certified HSMs are designed to prevent physical tampering with tamper-evident seals, intrusion sensors, and self-destruct mechanisms. These devices meet the requirements of Level 3 of the FIPS 140-2 standard. They undergo rigorous testing and certification to meet the highest security standards. With Level 3 certification, organizations can rest assured that sensitive information and cryptographic keys are well-protected against physical attacks.
FIPS standards are developed by NIST's Computer Security Division and are widely adopted in both government and non-government sectors worldwide as a security benchmark.
FIPS 140-3 is the latest benchmark for validating the effectiveness of cryptographic hardware, and products with FIPS 140-3 certification have been formally validated by both the US and Canadian governments.
The US Secretary of Commerce signed FIPS 140-3 on May 1, 2019, and starting from April 1, 2022, new submissions must comply with the FIPS PUB 140-3 Security Requirements for Cryptographic Modules, replacing FIPS 140-2.
The US government uses FIPS 140-2 to verify that private sector cryptographic modules and solutions (hardware and software) meet NIST standards and adhere to the Federal Information Security Management Act of 2002 (FISMA).
FIPS 140-2 has four levels. For a cryptographic module to meet the stringent requirements of Level 3 under the FIPS 140-2, it must undergo rigorous testing to demonstrate compliance with all four levels of the standard.
Security Level 1 specifies basic security requirements for a cryptographic module. No physical security mechanisms are required except for production-grade equipment. Examples include IC cards, add-on security products, and PC encryption boards. Software cryptographic functions are allowed in a general-purpose PC. This level is suitable for low-level security applications where hardware is too expensive.
Security Level 2 adds physical security to a Security Level 1 cryptographic module. This level requires tamper-evident coatings, seals, or pick-resistant locks. The coating or seal must be broken to attain physical access to the plaintext cryptographic keys and other critical security parameters within the module. Role-based authentication is also required. Software cryptography is allowed in multi-user timeshared systems when used with a C2 or equivalent trusted operating system.
Security Level 3 requires enhanced physical security to prevent intruders from accessing critical security parameters held within the module. For example, a multi-chip embedded module must be contained in a strong enclosure. The critical security parameters are zeroized if a cover is removed or a door is opened. This level also requires identity-based authentication and stronger requirements for entering and outputting critical security parameters. Software cryptography is allowed in multi-user timeshared systems when a B1 or equivalent trusted operating system is employed along with a trusted path for the entry and output of critical security parameters.
Security Level 4 provides the highest level of security. It provides an envelope of protection around the cryptographic module. Level 4 physical security aims to detect penetration of the device from any direction, and critical security parameters should be zeroized. This level also protects a module against compromising its security due to environmental conditions or fluctuations outside of the module's normal operating ranges for voltage and temperature. Level 4 devices are particularly useful for operation in a physically unprotected environment.
Learn more about:
How to leverage Runtime Encryption® in industry’s first HSM as a Service