The network video product manufacturer Axis Communications is announcing its first network security device with an embedded discrete secure element validated to the FIPS 140-3 Standard Level 3. With the introduction of AXIS Q1809-LE Bullet Camera last month, Axis says it’s providing FIPS 140-3 Level 3-compliant products under the United States’ Federal Information Processing Standards.
That’s the security levels as defined by the US National Institute of Standards and Technology (NIST). The FIPS 140-3 standard specifies security requirements for cryptographic modules that process and ensure the confidentiality and integrity of data. Even users that are not required to comply with FIPS standards will benefit, the makers add, as their systems are interoperable.
Johan Paulsson, Chief Technology Officer at Axis, pictured, said: “Customers need to be confident that Axis devices ensure long-term cybersecurity and meet the latest requirements such as FIPS 140-compliance. Axis’ approach to cybersecurity is to provide device protection throughout the device lifecycle, from start to beyond the point of purchase. Through AXIS OS software updates, customers can benefit from newly introduced features and improved protection throughout the device’s lifetime.”
FIPS accreditation
The FIPS certification demonstrates that devices have passed testing procedures, meeting the standard set for encryption algorithms and data protection. The FIPS cryptography standard program is a benchmark in US government data security and is globally recognised. Users of the FIPS 140-3 standard can ensure that the hardware they select meets specific security thresholds, the firm adds.
FIPS 140-3 certification assesses four levels of security. At Level 3, the certification adds requirements for physical tamper-resistance and identity-based authentication. The embedded discrete secure element, EdgeLock® SE052F, is from NXP® Semiconductors, as used in smartphones, bank cards and passports. Axis says it will continue to expand its range of FIPS 140-3 certified devices by embedding the new secure element in all its upcoming network products. FIPS 140-3-compliance will be available for use cases ranging from surveillance to business optimisation (through analytics), to access control, and audio.
The company adds that secure storage and computing of cryptographic keys is one component of the hardware-based cybersecurity platform Axis Edge Vault. Axis Edge Vault includes features like secure boot, and the IEEE 802.1AR-compliant Axis device ID that verifies the identity and authenticity of Axis devices. Visit https://www.axis.com/en-gb/about-axis/cybersecurity.
