Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Certification Security Blanket: Page 3 of 9

But out of context, an EAL rating is meaningless. Many firewalls, for instance, have an EAL4 rating, but that doesn't tell you much unless you read the ST, PP and Certification Report. Cross-reference the claims in the ST and PP, too, using CC Parts 2 and 3 so you'll be sure to know what was tested.

Cryptic Certification

FIPS-140-2 is a certification for cryptographic modules sponsored by the National Institute of Standards and Technology (NIST). It makes FIPS-140-1 obsolete, though version 1 is still valid for existing products.

NIST-approved labs test new products to FIPS-140-2, which ensures that cryptographic subsystems are implemented correctly and provide an adequate level of protection for stored, sensitive data.

FIPS-140-2 defines four levels of security assurance, from lowest to highest, with each building on the previous one. Level 1 means the product properly implements the NIST standardized cryptographic algorithms, including DES (Data Encryption Standard), 3DES (Triple DES) and AES (Advanced Encryption Standard).