Language:
English
繁體中文
Help
圖資館首頁
Login
Back
Switch To:
Labeled
|
MARC Mode
|
ISBD
Designing to FIPS-140a guide for eng...
~
Fant, Richard.
Designing to FIPS-140a guide for engineers and programmers /
Record Type:
Electronic resources : Monograph/item
Title/Author:
Designing to FIPS-140by David Johnston, Richard Fant.
Reminder of title:
a guide for engineers and programmers /
Author:
Johnston, David.
other author:
Fant, Richard.
Published:
Berkeley, CA :Apress :2024.
Description:
xvi, 213 p. :ill., digital ;24 cm.
Contained By:
Springer Nature eBook
Subject:
Data encryption (Computer science)
Online resource:
https://doi.org/10.1007/979-8-8688-0125-9
ISBN:
9798868801259$q(electronic bk.)
Designing to FIPS-140a guide for engineers and programmers /
Johnston, David.
Designing to FIPS-140
a guide for engineers and programmers /[electronic resource] :by David Johnston, Richard Fant. - Berkeley, CA :Apress :2024. - xvi, 213 p. :ill., digital ;24 cm.
Chapter 1: FIPS140 -- Chapter 2: FIPS Technical Details -- Chapter 3: Security Levels (1,2,3,4) -- Chapter 4: Subordinate Specs -- Chapter 5: Working with Accredited Certification Labs -- Chapter 6: Documentation Requirements -- Chapter 7: Algorithm Validation -- Chapter 8: Industry Forums.
This book provides detailed and practical information for practitioners to understand why they should choose certification. It covers the pros and cons, and shows how to design to comply with the specifications (FIPS-140, SP800 documents, and related international specs such as AIS31, GM/T-0005-2021, etc.) It also covers how to perform compliance testing. By the end of the book, you will know how to interact with accredited certification labs and with related industry forums (CMUF, ICMC) In short, the book covers everything you need to know to make sound designs. There is a process for FIPS-140 (Federal Information Processing Standard) certification for cryptographic products sold to the US government. And there are parallel certifications in other countries, resulting in a non-trivial and complex process. A large market of companies has grown to help companies navigate the FIPS-140 certification process. And there are accredited certification labs you must contract to get the certification. Although this was once a fairly niche topic, it is no longer so. Other industries-banking, military, healthcare, air travel, and more-have adopted FIPS certification for cryptographic products. The demand for these services has grown exponentially. Still, the available skills pool has not grown. Many people are working on products with zero usable information on what to do to meet these standards and achieve certification or even understand if such certification applies to their products. What You Will Learn What is FIPS-140? What is the SP800 standard? What is certification? What does it look like? What is it suitable for? What is NIST? What does it do? What do accredited certification labs do? What do certification consultants do? Where and when is certification required? What do FIPS-140 modules look like? What are the sub-components of FIPS-140 modules (RNGs, PUFs, crypto functions)? How does certification work for them? What are the physical primitives (RNGs, PUFs, key stores) and how do you handle the additional complexity of certifying them under FIPS? What are the compliance algorithms (AES, SP800-90 algos, SHA, ECDSA, key agreement, etc.)? How do you design for certification (BIST, startup tests, secure boundaries, test access, zeroization, etc.)? How do you get CAVP certificates (cert houses, ACVTs)? How do you get CMVP certifications (cert houses, required documents, design information, security policy, etc.)?
ISBN: 9798868801259$q(electronic bk.)
Standard No.: 10.1007/979-8-8688-0125-9doiSubjects--Topical Terms:
184520
Data encryption (Computer science)
LC Class. No.: QA76.9.A25
Dewey Class. No.: 005.824
Designing to FIPS-140a guide for engineers and programmers /
LDR
:03811nmm a22003495a 4500
001
665622
003
DE-He213
005
20240426093336.0
006
m d
007
cr nn 008maaau
008
241219s2024 cau s 0 eng d
020
$a
9798868801259$q(electronic bk.)
020
$a
9798868801242$q(paper)
024
7
$a
10.1007/979-8-8688-0125-9
$2
doi
035
$a
979-8-8688-0125-9
040
$a
GP
$c
GP
041
0
$a
eng
050
4
$a
QA76.9.A25
072
7
$a
UR
$2
bicssc
072
7
$a
UTN
$2
bicssc
072
7
$a
COM053000
$2
bisacsh
072
7
$a
UR
$2
thema
072
7
$a
UTN
$2
thema
082
0 4
$a
005.824
$2
23
090
$a
QA76.9.A25
$b
J72 2024
100
1
$a
Johnston, David.
$3
226181
245
1 0
$a
Designing to FIPS-140
$h
[electronic resource] :
$b
a guide for engineers and programmers /
$c
by David Johnston, Richard Fant.
260
$a
Berkeley, CA :
$b
Apress :
$b
Imprint: Apress,
$c
2024.
300
$a
xvi, 213 p. :
$b
ill., digital ;
$c
24 cm.
505
0
$a
Chapter 1: FIPS140 -- Chapter 2: FIPS Technical Details -- Chapter 3: Security Levels (1,2,3,4) -- Chapter 4: Subordinate Specs -- Chapter 5: Working with Accredited Certification Labs -- Chapter 6: Documentation Requirements -- Chapter 7: Algorithm Validation -- Chapter 8: Industry Forums.
520
$a
This book provides detailed and practical information for practitioners to understand why they should choose certification. It covers the pros and cons, and shows how to design to comply with the specifications (FIPS-140, SP800 documents, and related international specs such as AIS31, GM/T-0005-2021, etc.) It also covers how to perform compliance testing. By the end of the book, you will know how to interact with accredited certification labs and with related industry forums (CMUF, ICMC) In short, the book covers everything you need to know to make sound designs. There is a process for FIPS-140 (Federal Information Processing Standard) certification for cryptographic products sold to the US government. And there are parallel certifications in other countries, resulting in a non-trivial and complex process. A large market of companies has grown to help companies navigate the FIPS-140 certification process. And there are accredited certification labs you must contract to get the certification. Although this was once a fairly niche topic, it is no longer so. Other industries-banking, military, healthcare, air travel, and more-have adopted FIPS certification for cryptographic products. The demand for these services has grown exponentially. Still, the available skills pool has not grown. Many people are working on products with zero usable information on what to do to meet these standards and achieve certification or even understand if such certification applies to their products. What You Will Learn What is FIPS-140? What is the SP800 standard? What is certification? What does it look like? What is it suitable for? What is NIST? What does it do? What do accredited certification labs do? What do certification consultants do? Where and when is certification required? What do FIPS-140 modules look like? What are the sub-components of FIPS-140 modules (RNGs, PUFs, crypto functions)? How does certification work for them? What are the physical primitives (RNGs, PUFs, key stores) and how do you handle the additional complexity of certifying them under FIPS? What are the compliance algorithms (AES, SP800-90 algos, SHA, ECDSA, key agreement, etc.)? How do you design for certification (BIST, startup tests, secure boundaries, test access, zeroization, etc.)? How do you get CAVP certificates (cert houses, ACVTs)? How do you get CMVP certifications (cert houses, required documents, design information, security policy, etc.)?
650
0
$a
Data encryption (Computer science)
$3
184520
650
0
$a
Cryptography.
$3
189522
650
0
$a
Computer security
$x
Standards.
$3
719292
650
1 4
$a
Data and Information Security.
$3
913130
700
1
$a
Fant, Richard.
$3
978547
710
2
$a
SpringerLink (Online service)
$3
273601
773
0
$t
Springer Nature eBook
856
4 0
$u
https://doi.org/10.1007/979-8-8688-0125-9
950
$a
Professional and Applied Computing (SpringerNature-12059)
based on 0 review(s)
ALL
電子館藏
Items
1 records • Pages 1 •
1
Inventory Number
Location Name
Item Class
Material type
Call number
Usage Class
Loan Status
No. of reservations
Opac note
Attachments
000000242271
電子館藏
1圖書
電子書
EB QA76.9.A25 J72 2024 2024
一般使用(Normal)
On shelf
0
1 records • Pages 1 •
1
Multimedia
Multimedia file
https://doi.org/10.1007/979-8-8688-0125-9
Reviews
Add a review
and share your thoughts with other readers
Export
pickup library
Processing
...
Change password
Login