Our communities, economy and national security rely on our government’s ability to keep confidential information out of the hands of nefarious parties. As government agencies continue to move sensitive data to digital storage and cloud computing, the regulatory landscape is expanding and open to more vulnerabilities. FISMA, FedRAMP, and FICAM are some of the compliance mandates and frameworks that government agencies must follow in order to ensure the security of their sensitive information and to effectively defend against cyber attacks and insider threats.
Utimaco’s general purpose hardware security modules (HSMs) provide secure storage and processing of sensitive cryptographic data, creating a secure root of trust for an agency’s public key infrastructure (PKI) systems. These appliances serve a multitude of regulatory agencies and affiliated vendors, are accredited at FIPS 140-2 Level 3 or Level 4 (physical), and are certified against Common Criteria.
Utimaco’s Enterprise Secure Key Manager (ESKM) provides a FIPS 140-2 Level 2 certified key management solution. The ESKM creates, protects, serves, and audits access to encryption keys on tamper-resistant hardware. Both Utimaco HSMs and ESKMs support classical and post-quantum cryptographic algorithms and are fully compliant with FISMA, FedRAMP and FICAM.
FISMA was passed by Congress in 2002 and amended in 2014 as part of an effort to ensure protection of sensitive information by the US government. FISMA compliance applies to all US government agencies as well as organizations in the private sector doing business with the US government.
The security controls that government agencies and contractors should apply for FISMA compliance are outlined in a set of NIST publications, including:
FedRAMP is designed to ensure that government data and applications placed in the cloud are appropriately secured. The FedRAMP requirements are based upon the NIST 800-53 security controls, which include families such as:
FICAM is an effort by the US government to standardize the use of identity, credential, and access management solutions across all government agencies. The first goal of FICAM is to strengthen the federal government’s information and physical security, which includes objectives focused on building a secure, usable system for authenticating users to government systems and resources.
Protecting access to sensitive government data requires the ability to securely and accurately identify and authenticate users before granting access to systems or resources. Utimaco CryptoServer HSMs and ESKMs fulfill the following requirements for agencies to be compliant.
Utimaco’s CryptoServer HSMs and ESKMs provide secure storage and processing of sensitive cryptographic data, creating a secure root of trust for an agency’s public key infrastructure (PKI) systems. This provides a strong foundation for government agencies and contractors to build solutions for FISMA, FedRAMP, and FICAM compliance.