Home Article New TCG guidance protects data in fed systems

New TCG guidance protects data in fed systems

New TCG guidance protects data in fed systems

Also Noted

Default Author Head Shot

By SSN Staff

Updated 4:36 PM CDT, Wed September 25, 2024

BEAVERTON, Ore. — New guidance to accelerate the availability of FIPS 140-3 certified cryptographic solutions has been published by the Trusted Computing Group (TCG).

FIPS 140-3 refers to the third iteration of standards set out by the National Institute of Standards and Technology (NIST) for the protection of sensitive and valuable data. It provides the mandatory criteria which cryptographic modules must follow for use by government bodies in the United States and Canada. A Trusted Platform Module (TPM) is used to check whether a device it is attached to is behaving in a predictable, trusted manner.

“TPM 2.0 devices need to be compliant with the latest Federal Information Processing Standard (FIPS) if they’re to protect the sensitive data held by the government and regulated organizations,” said Chair of the Security Evaluation Work Group at TCG, Olivier Collart. “Vendors are now racing to become compliant to FIPS 140-3 before 2026. Our guidance gives them the guidance they need to be successful in these endeavours.”

By September 2026, all cryptographic modules must be FIPS 140-3 compliant in order to be used in government operations. The guidance document published by TCG is designed to ease the transition from FIPS 140-2 for vendors, outlining the steps they must take to achieve compliance before the deadline closes. The guidance provides implementation recommendations and extensions for the TPM 2.0 necessary for successful FIPS 140-3 evaluation. It also focuses on new requirements of FIPS 140-3 ‘Level 1’ required by NIST for basic encryption and key management capabilities.

“The guidance provided by the Security Evaluation Work Group is essential, especially with the deadline for FIPS 140-3 looming over vendors”, said TCG President Joe Pennisi. “Because TCG has made it easier to attain certification, government bodies – as well as those operating in critical private sectors like healthcare – will have a significant number of FIPS certified solutions available to them to best address growing security concerns.”

Full details on the guidance document can be found on the TCG website.

Comments

To comment on this post, please log in to your account or set up an account now.