We all transmit and store sensitive and confidential electronic data in our everyday lives. Consumers send their credit card numbers across the Internet to make online purchases. Corporations store financial and medical information. This data must be protected, and encryption (or cryptographic technologies) is the last line of defense against unauthorized access to this precious information. The Federal Information Processing Standard 140 (FIPS 140) is an internationally recognized standard for assessing and validating that the cryptographic technologies used in our computer systems and networks are secure. The FIPS 140 validation process can be confusing and mystifying to the uninitiated. FIPS 140 Demystified: An Introductory Guide for Developers is the first book to unravel the complexities and intricacies of this product testing process.

In this book, the reader will learn:

- What the FIPS 140 standards cover
- How much the testing process costs in terms of hours and money
- Who needs to be involved in the process
- What practices help ensure a successful validation
- How examples demonstrate real-world situations and solutions
- What the issues are with FIPS 140
- What the future holds for FIPS 140

Leveraging the experience of many FIPS 140 validation projects, the authors have gathered valuable lessons learned to produce this book. It removes the clouds of uncertainty about the validation process and shines a light on the best practices to follow on the path toward success. FIPS 140 Demystified: An Introductory Guide for Developers is an essential tool to help product developers understand the complex FIPS 140 security requirements and how to complete a successful validation project.
Wes Higaki is the Director of Certifications Strategy at Apex Assurance Group. Prior to joining Apex, Wes was the director of Product Certifications at Symantec Corporation where he oversaw all of the company's Common Criteria, FIPS-140, and ICSA certifications. Wes also managed the team responsible for the secure development of software products. He is the co-founder of the Common Criteria Vendors' Forum (CCVF), an informal group of vendors dealing with Common Criteria evaluation issues, and he is the author and publisher of Successful Common Criteria Evaluations: A Practical Guide for Vendors.

Ray Potter is the Managing Director of Apex Assurance Group and is responsible for the operations and delivery of the firm's consulting and program management services. He was formerly the Manager of the Security Assurance Program at Cisco Systems, where he was responsible for the direction, strategy, and operations of Cisco's global security certification and assurance initiatives, including the FIPS 140, Common Criteria, and ICSA programs. He was the single point of contact for standards bodies, Cisco's customers, and product teams.