AWS re:Inforce 2019: Innovating FIPS Crypto Validation in the Cloud (SEP321)
Federal Information Processing Standard (FIPS) 140-2 was published at a time when the full operational environment, from the cryptographic module to the processor, was definable, self-contained, and controlled by a single operator. With the arrival of cloud computing, these basic assumptions are no longer valid. The operational environment is not shippable to a lab, and it is not self-contained. In this session, we describe the opportunities and challenges of bringing FIPS 140 to the cloud. We review the current state and new, automated approaches that are under evaluation at the National Institute of Standards and Technology (NIST).

View on YouTube