FIPS 140-2 Certification and Common Criteria: Why it matters
Kanguru Defender® Government Certified, Hardware Encrypted Devices Demonstrate World-Class USB Security For Your Data
An ounce of prevention is key to protecting data for the mobile workforce, and Kanguru makes it easy and affordable for organizations to secure information on the go by providing government certified, top-notch secure USB drives. By submitting our hardware encrypted USB devices to the meticulous testing and thorough evaluation of FIPS 140-2 Certification and Common Criteria combined, Kanguru demonstrates a serious commitment to organizations to help them secure their data in any environment.
Today’s global, high-speed technology, on-demand information, and ever-tightening regulatory laws make for a daunting task for organizations trying to secure mobile information in a busy setting. Cloud storage attempts to provide an answer, but leaves organizations with expensive monthly or yearly fees forever, ill-timed lock-outs or internet down-time, and questionable security. (Do you really know exactly where your data is being stored in the cloud, anyway?) It's very important to secure sensitive data on the most secure storage devices and know exactly where it is at all times.
You've seen select Kanguru devices listed as being FIPS 140-2 Certified or as achieving Common Criteria Accreditation, and you may have questions regarding these certifications. As a manufacturer of highly-secure storage products devoted to quality, Kanguru takes data security very seriously, and adheres to the highest level of government and industry regulations. Kanguru is dedicated to ensuring that its customers are provided with the highest-quality devices built on best practices. FIPS and Common Criteria are the main governing standards regarding information technology and product security across the globe, with many levels of complexity and depth that can be confusing to many. You may wonder what exactly these governing regulations are, how they compare to each other, and why they matter. Here’s a simple look at FIPS and Common Criteria standards and how Kanguru pursues them to equip its customers with first-class USB security products.
"Having FIPS 140-2 and Common Criteria certifications together... demonstrates Kanguru's global commitment to excellence, and its pledge to deliver the best in trusted USB data security for clients."
-
FIPS 140-2, or Federal Information Processing Standard 140-2, is a set of security requirements for cryptographic modules. FIPS 140-2 is overseen by CMVP (Cryptographic Module Validation Program), which is a joint effort between the United States and Canadian governments. CMVP is a partnership put in place by NIST of the United States and CSEC of Canada. There are four increasing levels of security (levels 1-4) as well as several specific certifications within FIPS (FIPS 197, etc.), each level achieving a higher concentration of certain criteria by the federal government, depending on the level of security and quality of testing necessary. The areas of concentration include basic design and documentation, physical security measures, cryptographic algorithms, module interfaces, and so on. The National Institute of Standards and Technology (NIST) reviews its FIPS standards every five years, and its standards have been adopted by the Canadian government’s Communications Security Establishment (CSE), as well as many other countries and institutions.
By achieving the security requirements of the FIPS 140-2 Cryptographic Module, Kanguru demonstrates recognized security and proficiency which government and commercial customers can rely on. Through discriminating examination, rigorous testing, and analysis, Kanguru has demonstrated that its certified products meet these quality standards for data security. Where FIPS level 1 usually focuses on software or basic hardware modules, Kanguru has met or exceeded FIPS level 2 and level 3 requirements based more on hardware, developing a highly robust and easier-to-use security product for our customers. Kanguru’s Defender Series, for example, needs no software installation, as the encryption is built right into the hardware. The Defender 3000 has achieved FIPS 140-2 Level 3 Certification, one of the highest levels of security, with military-grade hardware encryption, brute force protection, and performance. But it might be interesting to note that despite the good intentions of the FIPS process, it is a strict evaluation of cryptographic modules and does not directly review all aspects of the overall product set. Since Kanguru Solutions takes data security very seriously, we take it one step further by pursuing Common Criteria as well.
Kanguru Products & FIPS 140-2 Certification
Defender 3000: Level 3
Defender Elite300: Level 2
Defender 2000: Level 3
Defender Elite200: Level 2
Defender HDD300: Level 2
-
The Common Criteria for Information Technology Security Evaluation is another accreditation process adopted by over 24 different certifying nations through the CCRA (Common Criteria Recognition Agreement). Common Criteria has a much wider review process of overall product design and functionality than FIPS, and covers the product from its inception to final product and overall use. It takes an all-encompassing look at the software, hardware, and firmware of a device, as well as the overall development process of the product set from birth to commercial release. Ultimately, nearly every aspect and process which goes into the design, development, release, and support of a product is reviewed and scrutinized. Common Criteria evaluations can be a very costly and time-consuming process, but the results are a remarkably powerful and secure product. This complex evaluation process involves several testing labs and governing authorized members to ensure that certain security and functionality standards are met.
The following Kanguru secure USB drives and Remote Management solutions are Common Criteria Certified:
Defender 2000: v1.2.1.8
Defender Elite200: v2.0.0.0
KRMC Enterprise: v5.0.2.6
UKLA: v3.2.0.3
Certificate # BSI-DSZ-CC-0772-2014
By achieving Common Criteria certification, Kanguru’s devices go above and beyond competing products in the secure storage market. This is where the “rubber meets the road” when it comes to developing high-end security devices, ensuring a complete, thorough testing process, and meeting the highest standards in data protection.
Common Criteria Accreditation demonstrates that the product set adheres to an agreed-upon protection profile from a certifying country, and that the follow-up testing ensures the processes which Kanguru uses to develop, design, and maintain its products are sound and secure. Kanguru's Common Criteria efforts have been overseen by Germany's Federal Office for Information Security (BSI), the central IT security agency for the federal government in Germany.
-
With the enormous costs and ramifications associated with a data security breach, government and regulatory organizations have cracked down on financial corporations, medical institutions, and businesses alike, holding them accountable for maintaining, structuring and managing security of all sensitive data. Regulatory Acts such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA are just a few of the stringent regulations keeping organizations’ “feet to the fire”, so to speak. Violating or breaching these Acts comes with some very stiff penalties. Companies dealing with highly-sensitive or personal data must adhere to and comply with these regulatory standards. Kanguru ensures that its products adhere to the highest of standards in order to assist companies and organizations to hold fast to these regulations.
By achieving both FIPS 140-2 and Common Criteria certification together, Kanguru surpasses other similar devices in the industry, going above and beyond the call of duty. The fact that the entire product as well as the process has undergone a rigorous series of security evaluations makes a more compelling case for breadth of coverage than a product which has only had a specific component evaluated. Customers can be assured that their Kanguru FIPS and Common Criteria evaluated products meet the toughest and most demanding regulatory data security standards in the industry, providing the strongest option available for compliance.
Furthermore, by having FIPS 140-2 and Common Criteria certifications completed together under the review of two separate countries (U.S. and Germany), Kanguru demonstrates its global commitment to excellence, and its pledge to deliver the best in trusted USB data security for clients.