If you need to secure the confidentiality and integrity of information, you will want the encryption keys to protected by a Hardware Security Module certified according to FIPS 140-2.
FIPS 140-2 is the dominant certification for cryptographic module, issued by NIST.
Utimaco HSMs are FIPS 140-2 tested and certified
Utimaco HSMs achieve certification up to physical level 4.
Utimaco’s Hardware security modules are FIPS 140-2 certified. Any Utimaco HSMs have been laboratory-tested and certified against FIPS 140-2 standards to help you comply with the standards you need to meet.
Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module.
The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include:
- cryptographic module specification,
- ports and interfaces,
- roles, services, and authentication,
- physical security,
- operational environment,
- key management,
- EMI / EMC and
- design assurance.
FIPS 140-2 levels explained
Based on security requirements in the above areas, FIPS 140-2 defines 4 levels of security.
- Level 1 is the lowest security level that can be applied to both soft- and hardware. It is characterized by the sole fact that it uses a cryptographic function.
- Level 2 already has temper evidence as an additional security feature. This means that an attack may have been successful, but at least the fact that the secret has been divulged is known.
- Level 3 devices are measured on tamper detection and response, identity-based authentication and enhanced protection of secret and private keys.
- Level 4 devices are tamper resistant and provide environmental failure protection (with regard to voltage or temperature).
Utimaco support for FIPS 140-2 compliance standards up to physical level 4
FIPS 140-2 compliance standard provides four increasing qualitative levels of security intended to cover a wide range of potential applications and environments:
- The Utimaco general purpose HSMs are FIPS certified and ideal for generating encryption and signing keys, creating digital signatures, creating conditional access solutions, code signing, random number generation, time stamping, encrypting data at rest or in transit, key injection into semiconductor chips.
Utimaco SecurityServer CSe is one of the very few HSMs in the market with FIPS 140-2 physical level 4.
Click here to find the Utimaco HSMs listed on the NIST website.
- The Utimaco Payment HSM PaymentServer is a FIPS-certified hardware security module dedicated to the payment industry for issuing credentials, processing transactions and managing keys.
In addition to helping you comply with FIPS 140-2 and NIST SP800-53, Revision 4, Utimaco HSMs all can help you comply with:
- Common Criteria
- PCI DSS
- Deutsche Kreditwirtschaft
and other national and industry proprietary standards and certification schemes like
- Certificate Policy of the Smart Metering PKI.