HPE ESKM now has FIPS Level 3 option

Organizations across all industry and public sectors are increasingly challenged to protect their sensitive information such as cardholder data, patient records, personally identifiable information, and intellectual property from threats such as unauthorized insider access, accidental disclosure, and theft by a range of hostile outsiders.

ESKMHPE Enterprise Secure Key Manager (ESKM) provides a centralized key management hardware-based solution for unifying and automating an organization’s encryption controls by creating, protecting, serving, and auditing access to encryption keys for secure, reliable administration. HPE ESKM supports the OASIS Key Management Interoperability Protocol (KMIP) versions 1.0 through 1.3, enabling the broadest range of data protection applications and solutions from HPE and partners.

What is FIPS?

In the US, requirements for government security are regulated by Federal Information Processing Standards (FIPS) publications, which are developed by the National Institute of Standards for Technology (NIST). FIPS is a security standard that is recognized by the U.S. and Canadian governments. Long considered a benchmark for security in government, being labeled FIPS compliant assures users that a given technology has passed rigorous testing.

HPE ESKM is FIPS Level 3 Compliant

I am pleased to announce that HPE ESKM is now available as a FIPS 140-2 Level 3 compliant option. Customers at this week’s HPE Protect got a first-hand look at the updated HPE ESKM v5. The HPE ESKM v5 – Level 3 appliance variant introduces a FIPS 140-2 Level 3 hardware option to protect root secrets and support crypto operations, achieving a greater security assurance that is often required for demanding enterprise applications. This expansion of the HPE ESKM portfolio strategy builds upon the field-proven standard HPE ESKM FIPS-validated appliance by offering an alternative solution to meet customer security requirements and continues to demonstrate HPE innovation for meeting customer needs.

HPE ESKM is currently available as a FIPS 140-2 Level 2 fully-validated appliance with the hardware chassis providing the FIPS boundary. This meets most commercial requirements in a cost-effective 1U form factor solution. With the addition of an embedded Hardware Security Module (HSM), the Level 3 option now raises the security assurance for additional protection.

Customer Choice:

With both HPE ESKM options now available, customers may choose:

  • Level 2 as a tamper-evident solution to detect attempts to compromise the appliance, or
  • Level 3 which now provides detection and response, including:
    • Critical Security Parameters (CSP) zeroization in response to intrusion
    • Plaintext CSP I/O port and Data I/O port physically separated, and
    • Identity based authentication

Who this benefits:

Organizations such as federal agencies and financial services are subject to heavily-regulated environments where application security policies and strict audits are a good match for Level 3 compliant key management solutions. Other customers who could benefit from this include:

  • Customers with HPE ProLiant servers and HPE 3PAR disk arrays
  • Federal and financial customers seeking alternative, more dependable, supported products
  • Commercial customers in verticals with critical sensitive data that requires encryption and who rely on NIST FIPS as the benchmark for hardware security assurance.

HPE ESKM helps protect sensitive information such as payment cardholder data, customer and employee records, electronic health records, intellectual property, cloud-hosted data, and national security and defense information with strong encryption key management.

For additional information – please see the updated HPE ESKM v5 data sheet, or visit the HPE ESKM product page.

Leave a Reply

Your email address will not be published. Required fields are marked *