Meeting Government Security Requirements: The Difference Between Selling to the Government and Not
Federal Information Processing Standard (FIPS) 140-2 has become the de facto security standard within the governmentnot only in the United States, but in other countries as well. Other industries such as healthcare and finance have also adopted FIPS 140-2 because of the high degree of security it specifies. Under the US Federal Government's Crypto Modernization Program, requirements such as Elliptic Curve Cryptography are also making headway in the government space and will have greater impact in the future.
However, the road to FIPS Validation is long, complex and expensive, and the FIPS standards themselves require constant monitoring to ensure compliance. Vendors looking to capitalize on sales to the government need a solution that will simplify the process of getting to market for them and offer the flexibility to meet future requirements.