Entrust nShield 5 HSMs achieve FIPS 140-3 certification
Entrust has announced that its latest generation of hardware security modules (HSMs), nShield 5, has secured Federal Information Processing Standards (FIPS) 140-3 certification. FIPS 140-3 is the most recent iteration of the computer security standards developed by the U.S. National Institute of Standards and Technology (NIST) to validate cryptographic modules.
With this certification, Entrust has positioned itself among the select vendors capable of meeting the rigorous data security standards required by governments, financial institutions, and enterprises globally. The new nShield 5 HSMs feature an innovative container-based architecture and a programmable security processor designed for crypto-agility. These HSMs are reportedly up to 40% faster than previous versions, enabling them to support the growing demand for high-level data security applications.
Earlier this year, nShield 5 HSMs also achieved Common Criteria EAL4+ certification, which is recognised under the European Union's eIDAS regulation. The dual certifications, FIPS 140-3 and Common Criteria EAL4+, provide comprehensive compliance support to organisations under various global regulatory requirements.
"This is a critical milestone. FIPS 140-3 certification for Entrust nShield 5 HSMs provides customers with the security foundation that meets their most demanding protection and performance requirements and future-proofs investments with the ability to be securely updated as cryptographic standards continue to evolve, for example with post-quantum algorithms," said Giuseppe Damiano, VP of Product Management at Entrust. "By achieving this certification, along with the Common Criteria Standards certification, Entrust nShield 5 HSMs provide customers around the world with assurance their cryptographic modules deliver the highest standards of security and compliance to protect their most sensitive data."
Jason Lawlor, President of Lightship Security, added, "To become FIPS 140-3 certified, there's a great deal of analysis and testing that has to be done by an accredited, independent third-party laboratory. Having an HSM with FIPS 140-3 certification is an essential next step for organisations as they work to protect their data now and into the future. We were thrilled to work with Entrust to achieve this certification and help their customers remain compliant."
Crypto agility refers to an organisation's ability to adopt emerging encryption methods seamlessly. This capability is becoming increasingly critical as post-quantum cryptographic algorithms are standardised and new algorithms continue to emerge. The nShield 5 HSM offers out-of-the-box crypto agility with its field programmable gate array (FPGA) security processor, which can be reprogrammed via software updates. This reduces both the cost and time associated with hardware refreshes and enhances resilience against potential threats from quantum computers, which could compromise current encryption techniques.
Carl Persson, Sales Director of Encryption at Verisec International AB, noted, "Our customers seek best-in-class, high assurance hardware security modules to protect their high-value cryptographic keys. I'm delighted that the Entrust nShield family of HSMs are now validated to FIPS 140-3. Verisec is a long-standing partner of Entrust, and we recognise the significance of achieving this new security validation for the nShield 5 HSM. Our joint customers will now be able to choose Entrust nShield HSMs to meet their high assurance needs, knowing that it has the latest FIPS 140-3 validation in addition to Common Criteria certification and a number of other compelling features."
The nShield 5 HSMs integrate with Entrust's KeyControl, an enterprise key management service that provides a unified dashboard for visibility, traceability, compliance tracking, and an immutable audit trail for cryptographic assets such as keys and secrets. The decentralised vault architecture ensures the security of keys within authorised endpoints while supporting various cryptographic use cases. As a result, Entrust nShield 5 HSMs add an extra layer of security for keys and secrets managed by KeyControl.