Is KMS FIPS140-2?

Created: 29 Apr 2013 • Updated: 17 Sep 2014 | 1 comment
This issue has been solved. See solution.

I had been looking into implementing drive based encryption for our LTO5 drives. I had come across a few interesting things dealing with regulations.

I see that Quantum's QEKM and SKM solutions are both FIPS 140-2 certified. I was trying to verify whether or not KMS is also.

I was reading a whitepaper written on Feb 28th by Don Peterson about KMS, and on page 13 he wrote:

"In order for NetBackup to run in a FIPS 140-2 mode, the cryptographic primitives used in NetBackup client encryption, the NetBackup KMS, the OST encryption plug-in (used to encrypt data going to Cloud or AdvancedDisk storage pools) and NBAC will be updated use a crypto module that Symantec will have FIPS validated. This will result in a FIPS 140-2 validation certificate for Symantec for this crypto module."

http://www.symantec.com/business/support/resources...

I tried to look at the NIST validations 140-1 and 140-2 but the only Symantec product I could find that is close is:

Symantec Cryptographic Module (Software Version: 1.0)

Overall Level: 1

- EMI/EMC: Level 3
- Operational Environment: Tested as meeting Level 1 with Windows XP Professional, Windows 2000
- FIPS-approved algorithms: AES (Cert. #164); Triple-DES (Cert. #266); SHS (Cert. #248); HMAC (Cert. #5); RNG (Cert. #12)
- Other algorithms: N/A

Multi-chip standalone

"The Symantec Cryptographic Module is a software library that contains FIPS-approved cryptographic algorithms. This module provides encryption functionality for selected Symantec products."

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

Does anyone know if these are the libraries that were spoken about in the article? If so, are there any other configurations or requirements to make KMS FIPS certified?

Thanks,

CRZ

I can't answer your specific question, but to the one you posed in the thread title:  When KMS gets FIPS validation, the white paper will be updated to say "yes," but for now, the answer is "no."  If you require more detail than is in the white paper, you should email the address on the "cover" of the white paper.

NetBackup Encryption and Key Management Solutions
 http://symantec.com/docs/TECH203420

(same link as above, except this is the container, not just the PDF)


bit.ly/76LBN | APPLBN | 75LBN

SOLUTION