BitLocker™ and FIPS

Because we have many government customers who will want to run FIPS-compliant software, Microsoft will certify BitLocker™ to the FIPS 140-2 standard. This is a long process, but if all goes well we should be in good shape within a few months after shipping.

The process involves following specific requirements to add self-tests (such as integrity checking, known-answer-tests, and so on) to our crypto modules, getting these modules validated by an independent third party, and then getting the actual certification from NIST (the National Institute of Standards and Technology) and CSE (Communications Security Establishment, NIST’s Canadian equivalent).

After several design drill-downs, the BitLocker team determined that we need to implement additional changes beyond self-tests, such as offering choices to opt-in and opt-out of FIPS-compliance through group policy.

In addition to satisfying government customers’ requirements, another good thing about the validation and certification processes is that it allows an independent set of eyes to look at our crypto algorithms, not only for correct implementation and compliance with the standard, but also for potential weaknesses or avenues of attack.

-- Tony Ureche, Ph.D.