FIPS (Federal Information Processing Standard )140-2 is one of the most rigorous cybersecurity standards that exist today for the cryptographic module of a product, which certification corresponds to the NIST (National Institute of Standards and Technology). Therefore, we are pleased to communicate that, after working side by side with Anqlave, Anqlave Data Vault (ADV) product has obtained the FIPS 140-2 certification.
An innovative integration, challenge accepted.
Anqlave is a manufacturer of products dedicated to the development of native security products using hardware that follows a RoT (Root of Trust) scheme and wanted to be the first virtual HSM stored in Azure Cloud that leverages Intel® Software Guard Extensions (Intel® SGX) technology.
Anqlave had never certified any of their products according to the demanding FIPS 140-2 standards. With no previous experience in certification, it decided to trust in jtsec so that we could offer all our expertise in high level certifications, such as Common Criteria or FIPS 140-2.
The main challenge was that no company had ever done an OpenSSL integration to Intel® Software Guard Extensions (Intel® SGX) Technology before, which was an added motivation for jtsec as a consultant specialized in cyber security.
Project management: client, consultancy and laboratory.
Every project we face begins with an exhaustive GAP Analysis of the product, in this case Anqlave Data Vault (ADV), where different requirements that the product had to implement to comply with the standard were detected.
jtsec experts supported Anqlave team to adapt their crypto module to meet FIPS 140-2 requirements demanded for Security Level 1.
Based on the requirements, jtsec prepared a first version of the documentation, later revised by Anqlave, a key step before the product goes into the laboratory.
Once we had a consistent version of the documentation, the work began with the laboratory, in this case Intertek EWA Canada, the laboratory that best fitted the needs of the project and a reference partner in the FIPS 140-2 certification.
At this point, a parallel work begins, the laboratory starts with the documentation evaluation at the same time that it performs the CAVP for the evaluation of the algorithms implemented by Anqlave in the product.
❝Thanks to the help of jtsec the certification process has been a success, collaborating at all times and contributing their valuable experience. Assaf Cohen, Anqlave CEO
During all this process, jtsec carried out a collaborative work, both with the laboratory and with the customer to correct possible inconsistencies found in the documentation, as well as possible implementation errors in the cryptographic algorithms. It is worth mentioning that in Anqlaves case, both the documentation and the implementation did not require excessive modifications.
