{"product_id":"designing-to-fips-140-a-guide-for-engineers-and-programmers-paperback","title":"Designing to Fips-140: A Guide for Engineers and Programmers - Paperback","description":"\u003cdiv\u003e\u003cp style=\"text-align: right;\"\u003e\u003ca href=\"https:\/\/reportcopyrightinfringement.com\/\" target=\"_blank\" rel=\"nofollow\"\u003e\u003cb\u003eReport copyright infringement\u003c\/b\u003e\u003c\/a\u003e\u003c\/p\u003e\u003c\/div\u003e\u003cp\u003eby \u003cb\u003eDavid Johnston\u003c\/b\u003e (Author), \u003cb\u003eRichard Fant\u003c\/b\u003e (Author)\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cp\u003eThis book provides detailed and practical information for practitioners to understand why they should choose certification. It covers the pros and cons, and shows how to design to comply with the specifications (FIPS-140, SP800 documents, and related international specs such as AIS31, GM\/T-0005-2021, etc.). It also covers how to perform compliance testing. By the end of the book, you will know how to interact with accredited certification labs and with related industry forums (CMUF, ICMC). In short, the book covers everything you need to know to make sound designs.\u003cbr\u003e\u003c\/p\u003eThere is a process for FIPS-140 (Federal Information Processing Standard) certification for cryptographic products sold to the US government. And there are parallel certifications in other countries, resulting in a non-trivial and complex process. A large market of companies has grown to help companies navigate the FIPS-140 certification process. And there are accredited certification labs you must contract toget the certification.\u003cbr\u003e\u003cp\u003eAlthough this was once a fairly niche topic, it is no longer so. Other industries--banking, military, healthcare, air travel, and more--have adopted FIPS certification for cryptographic products. The demand for these services has grown exponentially. Still, the available skills pool has not grown. Many people are working on products with zero usable information on what to do to meet these standards and achieve certification or even understand if such certification applies to their products.\u003c\/p\u003e \u003cp\u003e\u003cbr\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eWhat You Will Learn\u003c\/b\u003e\u003cbr\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eWhat is FIPS-140? What is the SP800 standard?\u003c\/li\u003e\n\u003cli\u003eWhat is certification? What does it look like? What is it suitable for?\u003c\/li\u003e\n\u003cli\u003eWhat is NIST? What does it do?\u003c\/li\u003e\n\u003cli\u003eWhat do accredited certification labs do?\u003c\/li\u003e\n\u003cli\u003eWhat do certification consultants do?\u003c\/li\u003e\n\u003cli\u003eWhere and when is certification required?\u003c\/li\u003e\n\u003cli\u003eWhat do FIPS-140 modules look like?\u003c\/li\u003e\n\u003cli\u003eWhat are the sub-components of FIPS-140 modules (RNGs, PUFs, crypto functions)? How does certification work for them?\u003c\/li\u003e\n\u003cli\u003eWhat are the physical primitives (RNGs, PUFs, key stores) and how do you handle the additional complexity of certifying them under FIPS?\u003c\/li\u003e\n\u003cli\u003eWhat are the compliance algorithms (AES, SP800-90 algos, SHA, ECDSA, key agreement, etc.)?\u003c\/li\u003e\n\u003cli\u003eHow do you design for certification (BIST, startup tests, secure boundaries, test access, zeroization, etc.)?\u003c\/li\u003e\n\u003cli\u003eHow do you get CAVP certificates (cert houses, ACVTs)?\u003c\/li\u003e\n\u003cli\u003eHow do you get CMVP certifications (cert houses, required documents, design information, security policy, etc.)?\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e\u003cbr\u003e\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eWho This Book Is For\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHardware and software engineers or managers of engineering programs that include any form of cryptographic functionality, including silicon vendors, library vendors, OS vendors, and system integrators\u003c\/p\u003e\u003ch3\u003eBack Jacket\u003c\/h3\u003e\u003cp\u003eThis book provides detailed and practical information for practitioners to understand why they should choose certification. It covers the pros and cons, and shows how to design to comply with the specifications (FIPS-140, SP800 documents, and related international specs such as AIS31, GM\/T-0005-2021, etc.). It also covers how to perform compliance testing. By the end of the book, you will know how to interact with accredited certification labs and with related industry forums (CMUF, ICMC). In short, the book covers everything you need to know to make sound designs.There is a process for FIPS-140 (Federal Information Processing Standard) certification for cryptographic products sold to the US government. And there are parallel certifications in other countries, resulting in a non-trivial and complex process. A large market of companies has grown to help companies navigate the FIPS-140 certification process. And there are accredited certification labs you must contract to get the certification.\u003cbr\u003e\u003c\/p\u003e\u003cp\u003eAlthough this was once a fairly niche topic, it is no longer so. Other industries--banking, military, healthcare, air travel, and more--have adopted FIPS certification for cryptographic products. The demand for these services has grown exponentially. Still, the available skills pool has not grown. Many people are working on products with zero usable information on what to do to meet these standards and achieve certification or even understand if such certification applies to their products.\u003c\/p\u003e\u003cp\u003eWhat You Will Learn\u003cbr\u003e\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eWhat is FIPS-140? What is the SP800 standard?\u003c\/li\u003e\n\u003cli\u003eWhat is certification? What does it look like? What is it suitable for?\u003c\/li\u003e\n\u003cli\u003eWhat is NIST? What does it do?\u003c\/li\u003e\n\u003cli\u003eWhat do accredited certification labs do?\u003c\/li\u003e\n\u003cli\u003eWhat do certification consultants do?\u003c\/li\u003e\n\u003cli\u003eWhere and when is certification required?\u003c\/li\u003e\n\u003cli\u003eWhat do FIPS-140 modules look like?\u003c\/li\u003e\n\u003cli\u003eWhat are the sub-components of FIPS-140 modules (RNGs, PUFs, crypto functions)? How does certification work for them?\u003c\/li\u003e\n\u003cli\u003eWhat are the physical primitives (RNGs, PUFs, key stores) and how do you handle the additional complexity of certifying them under FIPS?\u003c\/li\u003e\n\u003cli\u003eWhat are the compliance algorithms (AES, SP800-90 algos, SHA, ECDSA, key agreement, etc.)?\u003c\/li\u003e\n\u003cli\u003eHow do you design for certification (BIST, startup tests, secure boundaries, test access, zeroization, etc.)?\u003c\/li\u003e\n\u003cli\u003eHow do you get CAVP certificates (cert houses, ACVTs)?\u003c\/li\u003e\n\u003cli\u003eHow do you get CMVP certifications (cert houses, required documents, design information, security policy, etc.)?\u003c\/li\u003e\n\u003c\/ul\u003e\u003ch3\u003eAuthor Biography\u003c\/h3\u003e\u003cp\u003e\u003cb\u003eDavid Johnston\u003c\/b\u003e is an engineer at Intel working on cryptographic hardware used in Intel CPUs and other silicon products. He has been directly involved in the development of the SP800-90 and FIPS140 standard revisions and is active in FIPS-related industry forums--he has several FIPS and CAVP certifications. David spent 30 years in various hardware and software roles and is the author of \u003ci\u003eRandom Number Generators, Principles and Practices\u003c\/i\u003e.\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eRichard Fant\u003c\/b\u003e performs security assessments for Intel products and platforms by evaluating the FIPS 140-3 compliance and design strategy for the FPGA Business Unit (Programmable Solution Group). He also helps lead the Intel FIPS CoE (Center of Excellence) across other Intel business units. Richard has two bachelor's degrees from the University of Texas: (Computer Science and Mathematics) as well as a master's degree in Cybersecurity from Syracuse University. He has worked in the semiconductor industry for 20+ years for companies such as Motorola, AMD, and Intel. He also worked at Atsec Information Security performing FIPS evaluations for various semiconductor manufacturers. \u003c\/p\u003e \u003cp\u003eIn his free time, Richard likes to engage in his other passions: half-marathons and travel. To date, he has run a half-marathon on every continent except Antarctica. While visiting those faraway places, he frequently enjoys testing the laws of entropy at the casinos located there. He has lived in Austin, Texas his entire life and yet has racked up over 2 million frequent flyer miles from traveling about the world for work and fun.\u003c\/p\u003e\n            \u003cdiv\u003e\n\u003cstrong\u003eNumber of Pages:\u003c\/strong\u003e 213\u003c\/div\u003e\n            \u003cdiv\u003e\n\u003cstrong\u003eDimensions:\u003c\/strong\u003e 0.49 x 10 x 7 IN\u003c\/div\u003e\n            \u003cdiv\u003e\n\u003cstrong\u003eIllustrated:\u003c\/strong\u003e Yes\u003c\/div\u003e\n            \u003cdiv\u003e\n\u003cstrong\u003ePublication Date:\u003c\/strong\u003e April 26, 2024\u003c\/div\u003e\n            ","brand":"BooksCloud","offers":[{"title":"Default Title","offer_id":52494105936179,"sku":"9798868801242","price":71.78,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0300\/5595\/6612\/files\/zTPLuUHzja9798868801242.webp?v=1759971293","url":"https:\/\/www.vysn.com\/en-ca\/products\/designing-to-fips-140-a-guide-for-engineers-and-programmers-paperback","provider":"VYSN","version":"1.0","type":"link"}