The Importance of FIPS 140-2 Certified VoIP Solutions

Secure online communication is needed now more than ever. Cybersecurity is an essential bullet point in every strategy, regardless of the use case. Costs vary with the collective factors that join the puzzle pieces (the cybersecurity components) together. FIPS 140-2 compliance is a hidden element of cybersecurity strategy until you see it. It indirectly influences your choice of unified communication solution, whether you are selecting a communication solution for government or are a business working with the government.

Here's how to update your business phone system selection criteria.

What is FIPS 140-2?

Federal Information Processing Standard (FIPS) Publication 140 is a U.S. government standard that defines minimum security requirements for cryptographic management in products and systems. It is also the U.S. government computer security standard used to approve cryptographic modules, which are the technical components used to encrypt information and manage encryption keys. Commercially, a cryptographic module is known as a hardware security module (HSM).

All federal agencies, as well as their contractors and service providers, that collect, store, transfer, share and disseminate sensitive but unclassified (SBU) information must go through FIPS 140-2 validation. The validation requirements are mandated both for companies that develop cryptographic modules and for companies that use them.

FIPS 140-2 Security Levels

FIPS 140-2 defines four levels of security.

Level 1

This is the lowest level of security. No specific physical security mechanisms are required beyond basic production-grade components, according to U.S. Department of Commerce documents.

Level 2

In addition to the Level 1 requirements, Security Level 2 requires tamper-evident coatings or seals to protect against unauthorized physical access.

Level 3

In addition to the tamper-evident physical security mechanisms required at Level 2, Security Level 3 attempts to prevent an intruder from gaining access to critical security parameters (CSPs) held within the cryptographic module. At this security level, the cryptographic module must wipe out everything when the removable covers or doors of the cryptographic module are opened.

Level 4

Security Level 4 is the highest level of security. At this security level, the physical security mechanisms should detect and respond to all unauthorized attempts at physical access.

What Does FIPS 140-2 Have to Do with Your Business?

The U.S. presidential executive order issued in May 2017 mandates strengthening the cybersecurity of all federal networks and critical infrastructure within all departments and agencies. Companies currently conducting business directly with the agencies must also follow the executive order. Compliance mandates require conformance to the National Institute of Standards and Technology’s (NIST) Special Publication 800-53r4, which calls for enforcement of the cryptographic requirements of the FIPS 140-2 standard throughout.

In June 2017, the Pentagon announced new security policies that require contractors doing business with the Department of Defense (DoD) to ensure “adequate security” when connecting to the DoD network and its components, which means conformance to FIPS 140-2, as implied by the NIST 800-171 mandate.

These two announcements are the tip of the iceberg of security mandates required in order to conduct business with U.S. government departments and agencies. 

If you're a business, service provider or product supplier that isn't doing business with the government, you might think you don't need FIPS 140-2. But if you use a communication system, it's important to be in compliance with this standard.

How Does FIPS 140-2 Apply?

Cryptographic-based security systems are used in various telecommunication applications (e.g., data storage, access control, personal identification, network communications, radio, facsimile, email, chat and video).

If you are running logistics and delivery services, you collect, store and manage individual names, location addresses, and product information via your ERP or CRM and unified communication systems. Your business execution workflow consumes that information to arrange delivery logistics using your selected PBX solution. Hence, as long as you work directly or indirectly with a U.S. department or agency, your organization is mandated to use a FIPS 140-2 compliant unified communication solution. Your team collaboration and your customer engagement must follow and meet the specific requirements of federal, state and local government regulatory compliance guidelines.

The unified communication solution you use is a mini-network carrier for all means of communication: local phone calls, mobile calls, voice messages, email, and chat logs. In other words, the communication solution you use for your business must be a secure mini-carrier network on its own.

When it comes to security, 8x8 provides reliable and compliant cloud solutions at a demanding level rarely seen by other cloud providers. Don't take your chances with a subpar cloud-based telecom system. Call 1-866-879-8647 or fill out our form online to request a no-obligation quote from an 8x8 Product Specialist.
