Key management appliance provides certified, tamper-resistant protection for critical encryption keys
Thales, leader in information systems and communications security, announces that keyAuthority, a high-assurance enterprise key management solution, has successfully passed one of the most rigorous security test programs in the industry – FIPS 140-2 Level 3. This is the most widely recognized security benchmark for cryptographic devices around the world. Validation to FIPS 140-2 is a mandated requirement in many industry and government sectors and is a frequently stated best practice for any organization seeking to protect sensitive data.
Key facts:
- The Federal Information Processing Standards (FIPS) 140-2 validation scheme for cryptographic modules is jointly administered by the US National Institute of Standards and Technology (NIST) and the Canadian Communications Security Establishment (CSE).Testing is performed by certified independent test laboratories with validation ultimately being approved by NIST.
- The FIPS 140-2 scheme applies to a range of cryptographic devices including key managers and hardware security modules (HSMs) and supports multiple levels of validation that range from purely software based systems (Level 1) to fully hardened tamper resistant and tamper responsive systems that deliver significantly higher levels of assurance.
- Thales keyAuthority is a standards-based key management solution with a tamper resistant and tamper evident chassis that provides protection and policy based automation for the entire key management lifecycle ranging from key generation, key distribution, key archival and ultimately key destruction. keyAuthority can support up to 25 million keys used by thousands of cryptographic devices.
- keyAuthority includes support for legacy key management protocols and is the only security hardened solution that supports IBM tape and disk encryption via its native TKLM (Tivoli Key Lifecycle Manager) capability. Brocade encryption-enabled SAN switches are also supported.
Richard Moulds, vice president, strategy, Thales, says: “Key management systems protect the keys to the kingdom and therefore become one of the most attractive targets for attackers inside and outside the organization. Our customers recognize the need to deploy systems with enhanced levels of security but quantifying that requirement is notoriously difficult, FIPS 140-2 Level 3 provides a convenient and yet meaningful benchmark. It’s easy for vendors to make security claims about their products and therefore this validation of keyAuthority by NIST gives our customers the confidence that they need in order to trust our products with their most valuable digital assets, today and into the future.”
Supporting resources:
- Thales keyAuthority
- Thales product certifications
- NIST
For industry insight and views on the latest key management trends check out our blogs https://cpl.thalesgroup.com/blog