FIPS 140-2 Compliance

Thales e-Security assists with data security compliance and encryption for FIPS 140-2.

FIPS 140-2

FIPS 140-2 provides a standard that will be used by Federal organizations when these organizations specify the need for cryptographic-based systems to secure sensitive or valuable data. Thales e-Security can help you meet this standard.

Encryption Standards

According to FIPS Publication 140-2:

[It] provides a standard that will be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module.

The FIPS 140-2 compliance standard provides four increasing qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.

Thales e-Security Support for FIPS 140-2 Compliance Standards

Thales e-Security’s Vormetric Data Security Management is available as a FIPS 140-2 Level 2 or Level 3 validated appliance. Core Thales e-Security capabilities that help meet all these compliance standards include:

  • Encryption and Key Management: Strong, centrally managed file, volume and application encryption combined with simple, centralized key management that is transparent to processes, applications and users.
  • Access Policies and Privileged User Controls: Restrict access to encrypted data – permitting data to be decrypted only for authorized users and applications, while allowing privileged users to perform IT operations without the ability to see protected information.
  • Security Intelligence: Logs that capture access attempts to protected data, providing high-value security intelligence information that can be used with a Security Information and Event Management (SIEM) solution and for compliance reporting.

In addition to helping you comply with FIPS 140-2; FedRAMP; FIPS 199; FIPS 200; FISMA; and NIST 800-53, Revision 4, Vormetric security solutions from Thales e-Security are designed to help you comply with:

The Vormetric Data Security Platform

The Vormetric Data Security Platform from Thales e-Security is the only solution with a single extensible framework for protecting data-at-rest under the diverse requirements of Federal Agencies across the broadest range of OS platforms, databases, cloud environments and big data implementations. The result is low total cost of ownership, as well as simple, efficient deployment and operation.

Vormetric Transparent Encryption

Vormetric Transparent Encryption from Thales e-Security provides file and volume level data-at-rest encryption, secure key management and access controls required by regulation and compliance regimes.

Vormetric Key Management

Vormetric Key Management from Thales e-Security enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

Vormetric Data Security Intelligence

Vormetric Data Security Intelligence from Thales e-Security provides another level of protection from malicious insiders, privileged users, APTs and other attacks that compromise data by delivering the access pattern information that can identify an incident in progress.

Vormetric Application Encryption

Vormetric Application Encryption enables agencies to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Tokenization with Dynamic Masking

Vormetric Tokenization with Dynamic Masking from Thales e-Security lets administrators establish policies to return an entire field tokenized or dynamically mask parts of a field. With the solution’s format-preserving tokenization capabilities, you can restrict access to sensitive assets, yet at the same time, format the protected data in a way that enables many users to do their jobs.

Vormetric Cloud Encryption Gateway

The Vormetric Cloud Encryption Gateway from Thales e-Security safeguards files in cloud storage environments. It encrypts sensitive data before it is saved to the cloud, enabling security teams to establish the visibility and control they need around sensitive assets. Because Vormetric’s Cloud Encryption Gateway relies on Thales e-Security's Vormetric Data Security Manager for encryption key and policy management, customers never relinquish control of cryptographic keys to the provider, and data never leaves the enterprise premises unencrypted or unaccounted for.
