Is there a plan to use HSMs with a valid FIPS certificate that is not historical for HSM protected key vaults?

Sridharan, Sidhartha 10 Reputation points
2023-05-08T20:23:21.9466667+00:00

This Microsoft link shows that the HSM protected key vault uses HSMs with certificates that are historical.

Key Vault service uses a mix of Thales nShield F2 6000+ and Marvell LiquidSecurity HSM cards in the backend for HSM functionality. They are FIPS 140-2 Level 2 or greater validated. The relevant NIST certificates are here (Cryptographic Module Validation Program | CSRC (nist.gov)) and here (Cryptographic Module Validation Program | CSRC (nist.gov)).

Are there plans to use HSMs with a valid FIPS certificate? Are the HSMs going to be tested under 140-3 standards?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,343 questions
Azure Dedicated HSM
Azure Dedicated HSM
An Azure service that provides hardware security module management.
31 questions
{count} vote

1 answer

Sort by: Most helpful
  1. Shweta Mathur 30,181 Reputation points Microsoft Employee
    2023-05-12T04:09:55.6166667+00:00

    Hi @Sridharan, Sidhartha ,

    Thanks for your time and patience.

    As per product team, our HSM Vendor has submitted firmware for FIPS 140-3 certification however there are lengthy delays in the NIST certification process that are impacting many vendors and we are presently unable to say with certainty when the firmware will be approved and deployed. The existing firmware is FIPS 140-2 Level 3 certified.

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.