Mohlo by sa vám tiež páčiť

Viac informácií o knihe Designing to FIPS-140

• Parametre knihy
• Anotácia kniha
• Obľúbené z iného súdka

Nákupom získate 145 bodov

Anotácia knihy

There is a process for FIPS-140 (Federal Information Processing Standard) certification for cryptographic products sold to the US government. There are parallel certifications in other countries, a non-trivial and complex process. There are many companies with the only purpose of helping companies navigate the FIPS-140 certification process. There are "accredited certification labs" you must contract to get the certification.Although this was once a fairly niche topic, it is no longer so. Other industries-banking,  military, healthcare, air travel, and more have adopted FIPS certification for cryptographic products. The demand for these services has grown exponentially. Still, the available skills pool has not. Many people are working on products with zero usable information on what to do to meet these standards and achieve certification or even understand if such certification applies to their products.This book is intended to provide practical information to practitioners to understand yhy you should choose certification, what are the pros and cons, how they need to design to comply with the specifications (FIPS-140, SP800 documents and related international specs such as AIS31, GM/T-0005-2021, etc.), and how to perform compliance testing. It will also cover how to interact with accredited certification labs and how to interact with related industry forums (CMUF, ICMC). In short, everything you need to know to make good decisions and sound designs in a certified context.What you'll learnWhat is FIPS-140? What is the SP800 standard?What is certification, what does it look like, what is it suitable for?What is NIST? What does it do?What do accredited certification labs do?What do certification consultants do?Where and when is certification required?What do FIPS-140 modules look like? Examples.What are sub-components of FIPS-140 modules (RNGs, PUFs, crypto functions)? How does certification work for those?Physical primitives (RNGs, PUFs, Key stores) - The additional complexity of certifying those under FIPS.What are the compliance algorithms? (AES, SP800-90 algos, SHA, ECDSA, key agreement, etc.)How to design for certification? (BIST, startup tests, secure boundaries, test access, zeroiation etc.)How to get CAVP certificates (cert houses, ACVT)How to get CMVP certifications (cert houses, required documents, design information, security policy, etc.)Who This Book Is ForReaders will typically be working hardware and software engineers or managers of engineering programs that include any form of cryptographic functionality. This includes silicon vendors, library vendors, OS vendors, system integrators.

Parametre knihy

Zaradenie knihy Knihy po anglicky Computing & information technology Computer security

• Celý názov: Designing to FIPS-140
• Podnázov: A Guide for Engineers and Programmers
• Autor: David Johnston, Richard Fant
• Jazyk: Angličtina
• Väzba: Brožovaná
• EAN: 9798868801242
• ID: 44487399
• Nakladateľ: Springer, Berlin
• Rozmery: 254 × 178 mm
• Dátum vydania: 13. May 2024

---

---

---