FIPS 140-2 Workshop

1 day

This course is aimed at development team members who will be involved in a FIPS 140-2 evaluation.

Steve Weingart, BSEE, CISA, Texas PI; has worked in security and cryptography for over 25 years since he joined IBM's Thomas J. Watson Research Center in the 1980's. He was on the panel that was convened by NIST to write FIPS 140-1 and was the lead hardware and physical security engineer for IBM's 4758, the first FIPS 140-1 security level 4 device validated. Steve has since worked as a developer, tester and consultant on dozens of FIPS 140, security and cryptography related projects. He currently is a Principal Consultant at atsec where he performs standards testing, training and consulting for FIPS 140 and other security standards.

Basic knowledge of FIPS 140-2 standard, a working knowledge of cryptography and supporting functions such as key management is helpful.

Course Goals:
After completing this course, the trainee will have the knowledge and skills to:

  • Understand FIPS 140-2 security requirements for each level
  • Understand testing requirements
  • Understand the required Security Policy content

Course Outline:

  • Introduction and FIPS History
  • Cryptographic Module Validation Program (CMVP)
  • Validation Process
  • Cryptographic Modules
  • FIPS 140-2 Standard Structure
  • Functional Areas
  • Derived Test Requirements (DTR)
  • Cryptographic Algorithm Validation Process
  • Discussion

If you have any questions about the course, please contact

Andreas Fabis
(512) 615-7317

November 4-6 2015, Washington, DC