FIPS 140-2 Specification: Government-Grade Security

United States Government wireless installations are required to pass certification tests for the Federal Information Processing Standard 140-2 requirements. Established by the National Institute of Standards and Technology (NIST), these stringent requirements demand that all cryptographic processing within the certified product use only approved algorithms and meet strict standards for self-testing and tamper resistance. Among the requirements are:

• 802.11i, based on FIPS Pub 147 (Advanced Encryption Standard) using cipher block chaining
• Approved EAP operations with a secure, approved RADIUS server
• Certificate-based authentication for both clients and the network using PKI
• Power-on self testing of all cipher operations, including
  • Ensuring randomness of PRNGs
  • Known-answer validation of encryption algorithms
  • Secure hash validation of code and configuration
• Role-based authentication of users
• Separate roles for crypto security officers and administrators
• Two-factor authentication for key installation
• Detailed code inspection, helping ensure proper implementation and strict separation of functions, to prevent attackers from gaining knowledge of key material
• Physical tamper-resistance, ensuring that the network is no longer able to function should an attacker attempt to physically gain access to the circuitry by smashing or prying

The Meru SG-1000 FIPS 140-2 gateway has been designed to provide strong protection for government wireless installations.