FIPS 140-2 Validated
Federally-accredited security for Ixia's Network Packet Brokers
All of Ixia's Network Packet Brokers are now FIPS 140-2 validated. Government agencies, military, and other security-conscious organizations can be assured that these visibility solutions meet the highest standards of security integrity. The most recent certifications utilize a software module approach, which means these new certificates will always benefit from the latest software enhancements. The certificates will be valid on all Vision NPBs, including Vision Edge OS and future Vision NPBs.
What is FIPS 140-2?
FIPS 140-2 is a set of standards created by the NIST (National Institute of Standards and Technology) and the CCCS (Canadian Centre for Cyber Security) that outlines security requirements for cryptographic solutions and modules. Products are tested against eleven areas of security requirements related to the design and implementation of a cryptographic module with each module receiving a security level rating from 1 to 4.
The FIPS 140-2 program ensures that all cryptographic keys and algorithms conform to strict NIST guidelines. There are four levels of FIPS 140-2 security.
The first and most fundamental level of FIPS 140-2 security, Level 1 specifies the inclusion of at least one approved algorithm or security function. At this level, physical security for the device itself beyond normal production hardware is not required. One example of Level 1 security is an encryption board running on a PC.
FIPS 140-2 Level 2 extends and enhances Level 1 by adding the requirement for tamper resistance, including pick resistant locks, covers and doors as well as tamper evident coatings or seals preventing physical access.
Like lower levels, Level 3 extends and enhances the security of lower levels by adding physical security mechanisms that include tamper detection and response mechanisms that can zero out or wipe critical security parameters within a device.
FIPS 140-2 Level 4 requires that the cryptographic module in question be protected from compromise by physical security mechanisms likely to detect tampering and reply to such attempts by wiping all plaintext critical security parameters. The module should also protect against environmental attacks including attempts to compromise via voltage and/or temperature outside the normal operating range.