In the U.S., federal agencies looking to secure sensitive but unclassified data have to buy encryption-based products that have passed the so-called “Federal Information Processing Standard (FIPS) 140-2” certification tests. Although encryption is subject to import and export guidelines, there’s another type of government regulation that impacts what customers buy. Some industrialized nations choose encryption standards and require testing of encryption products before government buyers can purchase them. In the U.S., federal agencies looking to secure sensitive but unclassified data have to buy encryption-based products that have passed the so-called “Federal Information Processing Standard (FIPS) 140-2” certification tests.Seven test labs, overseen by the Commerce Department’s National Institute of Standards and Technology (NIST), examine products to assure that crypto based on the Advanced Encryption Standard, Triple-DES, Skipjack, RSA, or the Digital Signature Algorithm is correctly implemented in products. Randy Easter, director of NIST’s cryptographic module program, says 50% of the products that have passed through testing had flaws that got corrected in the process.FIPS 140-2 certification is gaining international appeal, too. The British government is now requiring FIPS 140-2 validation in testing for government purchase. Testing can be expensive. According to Roy Pereira, product manager at encryption vendor Certicom, it took hundreds of thousands of dollars and more than a year to get its Security Builder GSE tool kit through FIPS 140-2 validation.Some companies, including EncryptX, acknowledge they can’t sell to U.S. agencies because they haven’t gone through FIPS 140-2 testing. Easter says government buyers should require documentation of FIPS 140-2 approval when purchasing products. Back to Management Strategies: “Encryption restrictions” Related content news EU approves $1.3B in aid for cloud, edge computing New projects focus on areas including open source software to help connect edge services, and application interoperability. By Sascha Brodsky Dec 05, 2023 3 mins Technology Industry Technology Industry Technology Industry brandpost Sponsored by HPE Aruba Networking Bringing the data processing unit (DPU) revolution to your data center By Mark Berly, CTO Data Center Networking, HPE Aruba Networking Dec 04, 2023 4 mins Data Center feature 5 ways to boost server efficiency Right-sizing workloads, upgrading to newer servers, and managing power consumption can help enterprises reach their data center sustainability goals. By Maria Korolov Dec 04, 2023 9 mins Green IT Green IT Green IT news Omdia: AI boosts server spending but unit sales still plunge A rush to build AI capacity using expensive coprocessors is jacking up the prices of servers, says research firm Omdia. By Andy Patrizio Dec 04, 2023 4 mins CPUs and Processors Generative AI Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe