Lessons in Cyber Security: FIPS 140-2 Security Regulations
Not all security is created equal, but it can be hard to separate types and levels of security, especially when security professionals are trying to make a sale. The U.S. government has established standardized levels of security to ensure that, at the very least, government information is secure. These standards also serve as a guide for the private sector, where companies can receive government validation at different levels as a seal of quality. One standard that has become somewhat well known among IT professionals is FIPS 140-2. FIPS 140-2 is the Federal Information Processing Standard for encryption, required for any hardware or software used in government offices and in some heavily regulated private industries such as banking and healthcare. To provide software or hardware to the U.S. government for use in collecting, storing, transferring, and disseminating any information that is considered sensitive but unclassified, that piece of equipment or software must be validated as FIPS 140-2 compliant. The government relies on the National Institute of Standards and Technology to provide validation approval to inquiring businesses and developers.
Most IT professionals try to achieve FIPS 140-2 validation, at the very least, to promote their efforts as secure. Online banking software programs tend to be a step higher on the standards ladder, since banking information is among the most sensitive data transmitted through the private sector. Cybrix Group consistently works with encryption methods that go beyond online banking standards. Our military training makes us continually strive for total security. We consider online banking standards to be at the low end of the spectrum and try to provide our clients with the most secure data transmissions possible. Regulations will surely change in the future, but Cybrix Group will always be ten steps ahead because we're never satisfied with the minimum requirements!