What you need to know about the new Federal Information Processing Standards

The Australian and United States governments take computer security very seriously.

While there is military-grade encryption in that sector, the government sector is also protected by the Federal Information Processing Standards (FIPS), which have been developed by the National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce.

FIPS was developed to plug holes in the government IT sector where there are no acceptable industry standards or solutions for a particular government requirement.

It covers document processing, encryption algorithms, and other information technology standards to enable complete protection from intrusion.

While FIPS was developed for government agencies, it is also freely available to the private sector to ensure they are completely protected.

What does this mean for Australian SMBs?

While FIPS is an American construct, there is an Australian equivalent. The UK has the CAPS scheme while Canada has the Canadian Cryptographic Module Validation Program (CMVP). The Australian Signals Directorate (ASD) Cryptographic Evaluation tests for cryptographic vulnerabilities in government systems.

This is the same as FIPS: it uses Australian and New Zealand government agencies' testing procedures to ensure the strength and quality of the cryptographic security they use to protect official information and systems.

To date, though, this testing process is restricted to government agencies only and is not available for the average Australian SMB. That is where FIPS can fill the gap.

Windows operating systems comply with the US government FIPS 140 standard and have a built-in FIPS mode which can be activated through the control panel.

This will force Windows to use only FIPS-validated cryptography and block access to newer cryptography schemes that haven’t been FIPS-validated. 

While this will improve security, it will limit your system performance and restrict your access to new encryption schemes or faster ways of using the same encryption schemes.

Why should I use FIPS?

Turning on FIPS mode is not for the average Australian business and will likely cause frustration through slower performance and programs and processes that will not work at all.

Where FIPS becomes necessary is when your SMB is working with and connected to government networks and infrastructure in the United States. In this instance, it is a requirement to activate FIPS mode for communications to ensure you are compliant.

For SMBs that do not access or communicate with US government services, FIPS mode is not necessary.

How EMPR Solutions can help

FIPS is an extremely powerful cryptographic system, but it is not recommended for the average SMB or home user.

With United States government agencies bound to be compliant with FIPS, though, it is something that SMBs must consider if they interact with these agencies.

At EMPR Solutions, we offer customer-service-based solutions and advice to ensure your system is as secure as possible. Contact us to find out if FIPS is a standard that can benefit your SMB, or whether a more conventional protection plan is better suited to your needs.

Get a free assessment or learn how our in-house experts can help optimise your workplace with custom-tailored solutions on 1300 289 867. Alternatively, connect with us on solutions@emprgroup.com.

– Josh Alston
