Geotab achieves FIPS 140-2 validation for GO devices

Article Published by Geotab
Author: Ryan Brander, AVP, Security
https://www.geotab.com/blog/fips-140-2-validation/

Geotab is pleased to announce an important milestone for our company and the telematics industry. The Geotab GO device cryptographic library has achieved FIPS 140-2 validation. The validation certificate can be viewed online at NIST Computer Security Resource Center (Certificate #3371).  

Receiving FIPS 140-2 validation means that the cryptographic library on the GO fleet tracking device has passed the strict requirements and testing imposed by the U.S. Government and the Government of Canada. Read the full press release here.

Geotab becomes first telematics company to achieve validation

This is a significant step for Geotab, the telematics industry and the IoT industry as a whole. Geotab has become the first telematics company to achieve a FIPS 140-2 validated cryptographic library for a telematics device.

With this validation, Geotab joins an elite group of global leaders in security technology such as MicrosoftAppleGoogle and Cisco, who have also achieved FIPS 140-2 validation.

See alsoFederal Fleet Manager Cybersecurity Considerations for Telematics

What is FIPS 140-2 validation?

FIPS 140-2 validation is the benchmark for cryptographic modules protecting sensitive information in computer and telecommunication systems for the U.S. Government, Canadian Government, and military use.

The Federal Information Processing Standards (FIPS), are the standards and guidelines for federal computer systems. FIPS validation is administered by the Cryptographic Module Validation Program (CMVP), which is jointly operated by the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of Canada.

FIPS 140-2 validation underpins the security of much of the information technology that we encounter in our daily lives.

Cryptography, in general, is fundamental to the protection of personal and sensitive information. Encryption, or the process of randomizing/disguising information based on a secret code, shared secret, or key, where only the intended recipient can reverse the encryption in order to see the original information, has been used since ancient times. Today, with so much data being generated and transmitted (Domo estimates it to be 2.5 quintillion bytes per day), encrypting data for privacy and security is more important than ever.

Security benefit for Geotab-connected fleets

Geotab customers do not need to take any action related to this announcement. Geotab is in the process of rolling out this new cryptographic library to all GO devices through Geotab’s secured Over The Air (OTA) firmware update.

Whether you monitor five heavy trucks or a fleet of a hundred thousand vehicles, your business critical telematics data is going to continue to be protected. The FIPS 140-2 validated cryptographic library means that data is securely encrypted when stored on a GO device, and securely encrypted when transmitted from the GO device to the MyGeotab solution.

Visit Geotab’s Security Center for more info

FIPS 140-2 validation is just one part of a Geotab’s overall security program. You can read more about Geotab’s Technical and Organizational Data Security Measures (TOMS), Geotab’s commitment to a Secure Software Development Life Cycle (SSDLC), and view the details of our Responsible Disclosure program in the Geotab Security Center.

Geotab’s security program continues to grow and evolve. To stay up-to-date on Geotab security, telematics security, and fleet best practices, sign up for the Geotab monthly newsletter

Read more on security:

Securing the Future of Connected Mobility

15 Security Recommendations for Building a Telematics Platform Resilient to Cyber Threats

Best Practices for Cybersecurity Management in Telematics [white paper]

A Quick History of Vehicle Cybersecurity