FedRAMP and Encryption

FedRAMP encryption featured

A critical component of the FedRAMP framework is its adherence to cryptographic standards, specifically the Federal Information Processing Standard (FIPS) 140-3. Data privacy is essential to compliance, and the National Institute of Standards and Technology has clearly defined the requirements for just how a FedRAMP-compliance organization encrypts its data. 

This article will cover those requirements and how to approach them in your organization.

 

Read More

Encryption and NIST FIPS 140 (FIPS 140-2)

FIPS featured

In April 2022, NIST stopped accepting applications for validation certificates for the FIPS 140-2 standard of security in lieu of the updated FIPS 140-3. While many companies are still waiting for their FIPS 140-2 certification (if they got their application in before the April deadline), many are now considering adopting the new 140-3 standard. 

But, to understand the new standard, it’s important to understand the old. FIPS 140-2 has been the NIST standard for cryptography for almost two decades, and its impact will still be felt for years to come. 

 

Read More