Many standards, especially those provided by the government, are often viewed as more trouble the actual help. The goal of this talk is to shed a new light onto onesuch standard (FIPS 140) and show what it is inteded for and how is can sometimes help ensure good design practices for security products. But everything is not roses and there are certain things that these standards cannot help with or may even inhibit. By examining these strengths and potential weakness, the hope is everyone will have a new opinion of this and similar standards and how they are used.
Joey Maresca is a security analyst/engineer with a background in computer hardware and software, including a BS in Electrical and Computer Engineering from The Ohio State University. In a past life, he worked at the US Patent Office, while not the most exciting job it was an informative experience. Over the past five years he has worked in the security field with a primary focus on FIPS 140 testing and validations. This has allowed him inside access to dozens of commercial products. Twitter: @l0stkn0wledge