Let's explore secure software development with FIPS 140-2
Adherence to the FIPS 140-2 standard greatly enhances the assurance that the cryptographic module is secure. However, the cryptographic module vendor is still responsible for applying software engineering best practices as part of cryptographic module development. FIPS 140-2 Appendix B “Recommended Software Development Practices” provides guidelines to vendors for designing and developing cryptographic modules in a secure manner.
Breaking down the requirements of FIPS 140-2
We help you cut through the complex language in FIPS 140-2 Appendix B with breakdowns and commentary at every critical juncture as it pertains to software development.
What you’ll find inside:
- Best practices for software development to FIPS 140-2 requirements.
- How to design and develop cryptographic modules in a secure manner.
- FIPS 140-2 implications for modular design, procedure interfaces, internal construction, in-line documentation, and assembly language.
- How to achieve effective developer communication via source code comments.
- Importance of the "DRY" objective and how to implement "DRY".
- Secure memory and secure thread management.
- How to find accredited FIPS laboratories.
- Common questions and answers.