FIPS Compliance and Certification(s)
Question asked by Bruce Barnes - August 13, 2015 at 10:22 PM
Unanswered
Great work on the latest upgrade of SmarterMail, guys!

Now that SmarterMail 14.2.5703 is FIPS compliant, will SmarterTools be submitting SmarterMail to be listed in the FIPS database of compliant products?
 
Here's the current list, as of today, Friday, 14 August, 2015, and it's not listed yet:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm

It would also be nice to get some kind of FIPS 114-2 compliance certification statement from SmarterTools as this would be the first step in creating a FIPS 114-2, Level 4 compliant hosting center and could be a huge selling tool. 

FIPS 140-2 defines four levels of security, simply named "Level 1" to "Level 4". It does not specify in detail what level of security is required by any particular application.
  • FIPS 140-2 Level 1, the lowest, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
  • FIPS 140-2 Level 2 adds requirements for physical tamper-evidence and role-based authentication.
  • FIPS 140-2 Level 3 adds requirements for physical tamper-resistance (making it difficult for attackers to gain access to sensitive information contained in the module) and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces.
  • FIPS 140-2 Level 4 makes the physical security requirements more stringent, and requires robustness against environmental attacks.

 

A PDF on maintaining continued FIPS 140-2 compliance is available here:
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
