Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

New TCG guidance to help protect sensitive data held in federal systems from cyber attackers

September 2024 by Marc Jacob

A Trusted Platform Module (TPM) is used to check whether a device it is attached to is behaving in a predictable, trusted manner. Through the ‘TCG FIPS 140-3 guidance for TPM 2.0’ document from the Security Evaluation Work Group, vendors can ensure their TPM-enabled devices gain the necessary certification for use by government bodies. As a result, these organizations can use these for cryptographic operations, empowering them to ensure the integrity and security of their systems.

“TPM 2.0 devices need to be compliant with the latest Federal Information Processing Standard (FIPS) if they’re to protect the sensitive data held by the government and regulated organizations,” said Chair of the Security Evaluation Work Group at TCG, Olivier Collart. “Vendors are now racing to become compliant to FIPS 140-3 before 2026. Our guidance gives them the guidance they need to be successful in these endeavours.”

FIPS 140-3 refers to the third iteration of standards set out by the National Institute of Standards and Technology (NIST) for the protection of sensitive and valuable data. It provides the mandatory criteria which cryptographic modules must follow for use by government bodies in the United States and Canada.

By September 2026, all cryptographic modules must be FIPS 140-3 compliant in order to be used in government operations. The guidance document published by TCG is designed to ease the transition from FIPS 140-2 for vendors, outlining the steps they must take to achieve compliance before the deadline closes.

The guidance provides implementation recommendations and extensions for the TPM 2.0 necessary for successful FIPS 140-3 evaluation. It also focuses on new requirements of FIPS 140-3 ‘Level 1’ required by NIST for basic encryption and key management capabilities.

“The guidance provided by the Security Evaluation Work Group is essential, especially with the deadline for FIPS 140-3 looming over vendors”, said TCG President Joe Pennisi. “Because TCG has made it easier to attain certification, government bodies – as well as those operating in critical private sectors like healthcare – will have a significant number of FIPS certified solutions available to them to best address growing security concerns.”

Now the guidance document is published, further adoption is expe


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts