Manualshelf

Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)

ManualsBrandsHP ManualsStorageHP Encryption SAN Switch
241242243244245246247248249250
Encryption Administrator’s Guide 225
53-1001201-04
Appendix
E
FIPS Specifications
The FIPS-140 standard
The official title for the standard Federal Information Processing Standard 140 (FIPS-140) is
Security Requirements for Cryptographic Modules. FIPS 140-2 is the second revision of the
standard, and was released in 2001.
FIPS compliance
Table 26 gives a brief overview of FIPS security levels. Each level of security requires complete
satisfaction of the lower levels to claim compliance. The Brocade encryption engine meets Level 3
requirements (highlighted in gray).
For more information on FIPS and certifications, see the National Institute of Standards and
Technology Computer Security Resource Center (NIST CSRC) at http://csrc.nist.gov/index.html.
TABLE 26 FIPS security levels
FIPS Security Level Description
Level 1 Production-grade components tested with at least one approved security function
deployed. Software components of a cryptographic module can be executed on general
purpose computers with an unevaluated operating system.
Level 2 Cryptographic module must provide tamper-evidence, which usually consists of a coating
or seal that must be broken to access the CSPs. The operating system must provide
role-based authentication and discretionary access controls that protect against
unauthorized execution, modification, and reading of cryptographic software, as well as
audit mechanisms. The operating system must be approved to Common Criteria EAL2.
Level 3 The cryptographic module is expected to detect and respond to tampering by zeroizing all
cleartext CSPs. Identity-based authentication mechanisms are required, along with
physically separate ports for CSPs and mechanisms to protect CSPs against timing
analysis attacks.
Level 4 Requires a complete envelope of protection around the cryptographic module with the
intent of detecting and responding to all unauthorized attempts at physical access so that
the device can operate in a physically unprotected environment. Two factor authentication
is required and the device must detect fluctuations outside of the module’s normal
operating ranges for voltage and temperature. Software must provide extensive auditing
and strong protection of CSPs from unauthorized disclosure and modification when the
module is inactive.