FIPS 140-2 and the cloud (G11a)
The Federal Information Processing Standard (FIPS) 140-2 was published at a time when the full operational environment, from the cryptographic module to the processor, was definable, self-contained, and controlled by a single operator. With the arrival of cloud computing, these basic assumptions are no longer valid. The operational environment is not shippable to a lab, and it is not self-contained. Moreover, there are at least two operators in the environment. In this session, Alan Halachmi, Sr. Manager of Solutions Architecture at Amazon Web Services, describes the opportunities and challenges of bringing FIPS 140 to the cloud. We’re review current state, proposals for standards modification, and new validation approaches under evaluation.