Allegro is pending review for FIPS 140-3 validation from NIST for the Allegro Cryptography Engine – ACE™. Allegro has been added to the Modules in Process List (MIP), which highlights the modules that the NIST Cryptographic Module Validation Program (CMVP) is actively working on. The CMVP is a joint effort between the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment (CSE) in Canada.
The Allegro Cryptography Engine – ACE™
The ACE™ module allows IoT device manufacturers to meet government requirements for FIPS Validated Cryptography. ACE™ is a cryptographic library module for resource sensitive IoT devices that provides validated software implementations of FIPS-approved algorithms for the calculation of message digests, digital signature creation and verification, bulk encryption and decryption, key generation and key exchange. Used stand-alone or pre-integrated with the Allegro EdgeAgent Suite, ACE™ provides CAVP validated implementations of sophisticated FIPS approved encryption algorithms for use in embedded systems. As the transition from FIPS to FIPS 140-3 continues, Allegro is prioritizing the update for the ACE™ module to FIPS 140-3 well before the expiration of FIPS occurs in 2026. This third version of FIPS includes many updates and strong links to ISO documentation, which are standards that have been implemented worldwide.
Why Does the CMVP Exist?
The NIST CMVP plays a vital role in ensuring that cryptographic modules meet specific security standards, providing a consistent metric for evaluating security, and promoting strong security practices across various sectors. It helps federal agencies and other organizations in making informed decisions related to the purchase and implementation of cryptographic solutions, thereby enhancing the overall security of information systems.
Validation of Cryptographic Modules
The CMVP provides a standardized process for validating cryptographic modules. This includes testing the modules against established standards, such as Federal Information Processing Standards (FIPS) 140. The validation process ensures that the cryptographic algorithms and their implementation in a product meet specific security requirements.
By adhering to the standards set by the CMVP, federal agencies and other organizations can have a consistent security metric to evaluate the cryptographic security of various products. This helps in making informed decisions when purchasing and implementing cryptographic solutions.
Compliance with Federal Regulations
For U.S. federal agencies, using validated cryptographic modules is often a requirement for compliance with various regulations and directives. This ensures that sensitive information is protected in accordance with government standards.
Since the program is recognized internationally, products validated under the CMVP can be more easily marketed and accepted globally. This can be particularly beneficial for vendors looking to sell their products in various international markets.
Transparency and Trust
The list of validated modules is publicly available, providing transparency and helping organizations identify products that have been rigorously tested and validated. This can build trust in the products and the vendors that produce them.
Encouraging Strong Security Practices
By promoting the use of validated cryptographic modules, the CMVP encourages vendors to adhere to strong security practices in the design and implementation of their products. This can lead to an overall improvement in the security landscape.
Stay tuned for additional updates on FIPS 140-3 approval for the Allegro Cryptographic Engine (ACE™). Sign-up for our newsletter to get updates sent directly to your inbox.