FIPS / CC Compliance

aarons44 Posts: 32
edited May 16, 2008 6:53PM in SQL Backup Previous Versions
Are there any plans to have SQLBackup certified against FIPS 140 or Common Criteria? I know that it is using AES 256, so that's a good start, but it would be nice if the app was certified as well.

Comments

  • We aren't currently planning on certification against these standards. This is something we are keeping under observation, and it would be interesting to know your specific needs -- e.g., why you need these certifications (business drivers), levels of certification required, etc. Please feel free to post or email me directly on this.

    Thanks,
    Colin.
  • Mostly business driver. We have white papers that we present to our customers that detail the security measures we employ in our operations. The savvy customer sees the section on FIPS security, and asks if we are using FIPS certified products or products that use FIPS approved algorithms, knowing that a poor implementation of a secure algorithm can be worse than a good implementation of a more secure one. You're far from alone in not having FIPS certification though. Out of 7 products that we use for various tasks that employ encryption, only one is FIPS certified, and it is a VPN concentrator. All of the rest point to their use of AES, the NIST-approved algorithm. Common Criteria has somewhat better results in terms of the number of approved products, but it is also probably much less expensive to obtain, compared with FIPS 140.