For several controls, e.g., SC-13 and IA-2(11), the FedRAMP-defined parameters in the FedRAMP Moderate baseline appear to present NSA-approved cryptography as an alternative to FIPS validation. NSA-approved cryptography, however, generally applies to classified systems, and obtaining it is at least as complicated as obtaining FIPS validation. Realistically, most CSPs have no choice: FIPS 140-2 validation is the standard to follow, and there is no practical alternative. When that is the case, the FedRAMP PMO instructs CSPs not to mention the “NSA approved cryptography” alternative in their control descriptions within the SSP and associated policies.

CSPs should keep in mind that FIPS validated cryptography (as well as NSA-approved cryptography, for that matter) is not merely about encryption algorithms and key lengths. Of course, FIPS validated cryptography uses only NIST-approved algorithms and key lengths for encryption, integrity, and key generation. (As an aside, CSPs often overlook the key-agreement requirements by supporting ECDH curves that provide less than 112 bits of security strength, the minimum set by NIST SP 800-131A.) Beyond algorithms and key lengths, FIPS validation also covers the cryptographic modules that actually perform those operations within the system. In particular, FIPS validated cryptography means that the specific version of each cryptographic module used by the system has been tested by an accredited laboratory and validated under NIST’s Cryptographic Module Validation Program (CMVP). To ensure that cryptography is FIPS validated, CSPs need to confirm that the specific versions of the cryptographic modules used in the system match the versions listed on a FIPS validation certificate, and that those modules have been configured to operate in a FIPS-approved mode with only approved algorithms and key lengths. A module that is validated but running outside its approved mode, or a build newer than the one named on the certificate, does not count as FIPS validated. More information about FIPS validation can be found in SecureIT’s FedRAMP Tech Bulletin on FIPS 140-2 Validation.
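The 112-bit check described above is easy to automate. The following is an added example, not SecureIT’s or FedRAMP’s code: it scores a TLS key-agreement configuration against the security-strength table in NIST SP 800-57 Part 1 Rev. 5 (Table 2) and flags anything below the SP 800-131A minimum. The configuration dictionaries and their key names (`ecdh_curves`, `rsa_bits`, `dh_bits`) are an assumed shape constructed for illustration, using the curve names OpenSSL and nginx accept.

```python
"""Audit a TLS key-agreement configuration against FIPS/SP 800-131A minimums.

Added example, not SecureIT's or FedRAMP's code. Security-strength estimates
follow NIST SP 800-57 Part 1 Rev. 5, Table 2; the config dictionaries below
are constructed for illustration and their key names are an assumption.
"""

MIN_STRENGTH_BITS = 112  # SP 800-131A floor for key agreement / transport

# NIST prime-field curves (FIPS 186-4) under the names OpenSSL/nginx use.
NIST_CURVE_BITS = {
    "P-192": 192, "secp192r1": 192, "prime192v1": 192,
    "P-224": 224, "secp224r1": 224,
    "P-256": 256, "secp256r1": 256, "prime256v1": 256,
    "P-384": 384, "secp384r1": 384,
    "P-521": 521, "secp521r1": 521,
}


def ecc_strength(curve_bits):
    """Security strength (bits) of an ECC key, SP 800-57 Part 1 Table 2."""
    if curve_bits < 160:
        return 0
    if curve_bits < 224:
        return 80
    if curve_bits < 256:
        return 112
    if curve_bits < 384:
        return 128
    if curve_bits < 512:
        return 192
    return 256


def modulus_strength(modulus_bits):
    """Security strength of an RSA or finite-field DH modulus (same table)."""
    if modulus_bits < 1024:
        return 0
    if modulus_bits < 2048:
        return 80
    if modulus_bits < 3072:
        return 112
    if modulus_bits < 7680:
        return 128
    if modulus_bits < 15360:
        return 192
    return 256


def parse_curve_list(directive):
    """Split an OpenSSL-style colon-separated curve list, e.g. the value of
    nginx's ``ssl_ecdh_curve secp192r1:prime256v1;`` directive."""
    return [c.strip() for c in directive.split(":") if c.strip()]


def audit(config):
    """Return findings for any setting below MIN_STRENGTH_BITS.

    config keys (assumed shape): ``ecdh_curves`` (list of curve names),
    ``rsa_bits`` (server key modulus), ``dh_bits`` (FFDHE group size).
    """
    findings = []
    for curve in config.get("ecdh_curves", []):
        bits = NIST_CURVE_BITS.get(curve)
        if bits is None:
            # Not in the NIST prime-curve table: it may still be allowed, but
            # only if it appears on the module's CMVP validation certificate.
            findings.append(f"{curve}: not a NIST prime curve; confirm it is "
                            "approved on the module's validation certificate")
            continue
        strength = ecc_strength(bits)
        if strength < MIN_STRENGTH_BITS:
            findings.append(f"{curve}: ECDH gives {strength}-bit security, "
                            f"below the {MIN_STRENGTH_BITS}-bit minimum")
    for label, key in (("RSA key", "rsa_bits"), ("DH group", "dh_bits")):
        if key in config:
            strength = modulus_strength(config[key])
            if strength < MIN_STRENGTH_BITS:
                findings.append(f"{label} of {config[key]} bits gives "
                                f"{strength}-bit security, below the "
                                f"{MIN_STRENGTH_BITS}-bit minimum")
    return findings


# Constructed sample configurations (not taken from any real system).
WEAK_CONFIG = {
    "ecdh_curves": parse_curve_list("secp192r1:prime256v1:secp384r1"),
    "rsa_bits": 1024,
    "dh_bits": 2048,
}
CORRECTED_CONFIG = {
    "ecdh_curves": parse_curve_list("prime256v1:secp384r1"),
    "rsa_bits": 3072,
    "dh_bits": 2048,
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("corrected", CORRECTED_CONFIG)):
        print(name, audit(cfg) or ["no findings"])
```

Running it reports secp192r1 (80-bit) and the 1024-bit RSA key for the weak configuration and nothing for the corrected one. Note that passing this check is necessary but not sufficient: the curves and key sizes must also be ones the specific validated module supports in its approved mode, which is why unlisted curves are flagged for review against the certificate rather than silently accepted.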