Need to move to OpenSSL 3.0/TLS 1.3 and still meet FIPS requirements? SafeLogic has you covered. LEARN MORE!

Contact Us!

BLOG

NIST 800-171 Requirements for Validated Cryptographic Modules

January 12, 2022 Walt Paley

BlogPost-whitepaper-NIST-800-171While the Cybersecurity Maturity Model Certification (CMMC) was experiencing growing pains, SafeLogic was working behind the scenes to produce a whitepaper that would properly distill the associated requirements for encryption into easily-digestible content. After many drafts, much discussion, and then an unplanned firedrill late in the game to reflect the broad changes made in CMMC 2.0, we have succeeded.

We took into consideration all of the rumors and official messaging as it was released by the CMMC Accreditation Board (CMMC-AB) and determined early in the process that our whitepaper should be focused on the strict controls in NIST 800-171. While CMMC was intended to cover significantly more, the nuts and bolts of the cryptographic requirements were inherited directly from 800-171 and we embraced the NIST standard as the bedrock of our paper as well. As with most federal programs, the cryptographic prerequisites are well entrenched due to NIST’s significant efforts with the FIPS 140 publications and investment in the Cryptographic Module Validation Program (CMVP).

We are proud to publish this whitepaper that gets to the point, will remain accurate even as process maturity is added back into the mix, and is relevant to the thousands of companies in the Defense Industrial Base affected by CMMC. Whether you are evaluating software solutions to keep your operations in compliance, self-attesting and uploading to SPRS, or preparing for an on-site audit, the requirement for FIPS 140 Validated encryption is clear and explicit. We’ll explain why and how to align fully with the controls.

Many thanks to our partner in the development of this paper - Kratos Defense was the first firm to be authorized by the CMMC-AB and their expertise reflects that priority status. We can recommend Kratos without hesitation if you find yourself requiring the services of a C3PAO!

And now, to the whitepaper itself…

Walt Paley

Walt Paley

Walter Paley is the VP of Communications for SafeLogic. He is responsible for strategy, content, marketing, and outreach. Walt has worked with a series of start-ups and companies in growth stages, including Nukona (acquired by Symantec), Qubole, Bitzer Mobile (acquired by Oracle), and TigerText, among others. An Alumnus of the psychology program at UC San Diego, Walt lives in Southern California with his wife, kids, and their black lab, Echo.

Share This:

Back to posts

Popular Posts

Search for posts

Tags

See all