FIPS-140-1 was issued in 1994 and was developed by a government and industry working group. This group was composed of vendors and users of cryptographic hardware, who worked together to identify the four FIPS security levels as well as further requirements for each level.
FIPS-140-2 was issued in 2001 and takes into account the changes in available technology and official standards made since 1994. FIPS-140-2 was informed by the comments received from the vendor, tester, and user communities.
FIPS-140-3 was issued in 2019 to supersede FIPS-140-2. FIPS-140-3 aligns the NIST guidance around two international standards documents:
- ISO/IEC 19790:2012(E) Information technology — Security techniques — Security requirements for cryptographic modules
- ISO/IEC 24759:2017(E) Information technology — Security techniques — Test requirements for cryptographic modules
When Is FIPS-140 Used?
The Federal Information Security Management Act, also known as FISMA, requires all U.S. government agencies to use cryptographic modules with FIPS-140-2 certification. U.S. government contractors and third parties working for federal agencies are also required to be FIPS-140-2 certified. As mentioned, because FIPS-140-2 sets a high security benchmark and is globally recognized as a security best practice, many other industries have adopted the standard for the purpose of securing their own sensitive data, although they tend to look for compliance rather than certification. Most prominently, this includes the healthcare and financial services industries.
Why Is FIPS-140 Important?
FIPS-140-2 is widely considered to be the benchmark for security. It is perhaps the most important standard of the government market and is essential for non-military government agencies, government contractors, and vendors who work alongside government agencies.
The FIPS-140-2 certification provides assurance to users that a specific technology or hardware has passed rigorous testing by an accredited lab. It also ensures that the tests have been validated and that the product can be used to secure sensitive data. FIPS-140-2 and other similar security standards are extremely important for MSPs, as they are likely to be handling large amounts of sensitive data on behalf of their customers. If customer data is compromised, this can have a disastrous impact on your MSP’s reputation, revenue, and business continuity.
Remote Access with FIPS-140 Compliance for Take Control Microsoft Connections
For MSPs looking for a trusted remote access solution that protects customer data, SolarWinds Take Control uses FIPS (140-2)-compliant cryptographic library modules to help secure Windows® device to Windows device remote connections.
Take Control helps you avoid vulnerabilities inherent in traditional RDP-based solutions by routing traffic through an intermediary that is much harder for hackers to penetrate. It uses advanced encryption standards, including FIPS-140-2 certified OpenSSL modules, to keep your sessions safe from malicious individuals. It also features AES 256 encryption and an Elliptic-Curve Diffie-Hellman (ECDH) protocol for establishing a secure connection each time a session between viewer and agent is created. Using tools with advanced encryption and FIPS 140-2 compliant components demonstrates to your customers that you are serious about security.
In addition, this remote access tool enables tighter control of user permissions and has an integrated password management utility that injects credentials into the system without the technician ever seeing them, further reducing risk. Take Control also leverages authentication apps for two-factor authentication (2FA), including Google Authenticator, Duo Mobile, Authy, and Microsoft Authenticator.
All in all, Take Control is an enterprise-grade, scalable, and user-friendly option for MSPs. Its remote access features include attended and unattended support, rapid connections, support for iOS and Android mobile devices, live chat and fast file transfers, and much more. To learn more and see for yourself, a 14-day free trial is available.