Why FIPS Validation is Important to Protect Your Data and Company


Last updated: March 16, 2022

It wasn’t surprising to find that Wikipedia has a page entitled “List of data breaches”, a who’s who of companies that have had at least 30,000 records stolen or compromised. Cringe moment: the vast majority of those breaches were way, way, way over 1,000,000 records! If you’re like me, you can scroll the list and find multiple companies that failed to protect your personal data.

According to IBM and the Ponemon Institute’s annual “Cost of a Data Breach” report, the average cost per breach in the US in 2019 was $8.19M. Financial, eCommerce and telecommunication companies are now waking up to the reality that their systems can never be secure enough. Fun fact: even after all of these data breaches, there are no overarching laws in the United States that require data encryption.

The good news is that KIOXIA customers are smart and we are seeing increased demand for data storage media capable of encrypting data.  KIOXIA enterprise SSDs offer multiple, super-strong drive encryption options to protect stored data at the highest levels available.

Federal Information Processing Standards (FIPS) and guidelines are developed by the National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA). In this set of standards, higher levels of protection indicate drives that are progressively more resistant to attack. KIOXIA has validated that the cryptographic module in the PM5 Series of enterprise SAS SSDs maintains the confidentiality and integrity of the protected data that comes with Level 2 validation of FIPS 140-2.

With on-board SSD encryption and FIPS 140-2 validation, customers get the highest level of data protection available, as specified by NIST. The use of encrypted SSDs provides a strong base for the rest of your security efforts to prevent data breaches in your environment. In combination with your other efforts, you will be in a stronger position to prevent your company from becoming a victim of these data breaches.

A frequently asked question I receive is how to audit or validate the FIPS 140-2 certification using the NIST web site.  Here are the steps…

1. Visit https://csrc.nist.gov/projects/cryptographic-module-validation-program 

2. To the right under Validated Modules click “Search”. You will be taken to the search screen where you enter “kioxia” into the Vendor field and then search.

3. The search results will display several KIOXIA FIPS certified modules.

    • Certificate number 3983 is CM6/CD6
    • Certificate number 3965 is PM6
    • Certificate number 3290 is PM5
    • Certificate number 3605 is CD5
    • Certificate numbers 3006, 3001, 2822 and 2819 pertain to various PX05S models
    • Certificate numbers 3688, 3609, 3608, 2521, 2520, 2769 and 2709 pertain to various PX04S models

4. Clicking any Certification Number will show more details about that certificate. The “Tested Configuration” information below is the System-on-Chip (SoC) or Crypto Sub-Chip encryption that KIOXIA uses in PM6 Series SSDs. TC58NC1032GTC is also inside the drive and can be electronically validated by issuing the INQUIRY command (VPD-CEh) and the SECURITY PROTOCOL IN command (Security Compliance Information).
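The Security Compliance Information mentioned in step 4 comes back as a binary buffer, and the hardware version, firmware version and module name inside it are the strings to compare against the certificate page. The parser below is an added example, not KIOXIA code; the field offsets are taken from the FIPS 140 compliance descriptor layout in the SCSI SPC-4 standard and should be treated as an assumption to check against the standard, and the sample buffer is constructed with placeholder strings.

```python
import struct

FIPS140_TYPE = 0x0001  # compliance descriptor type for FIPS 140 (per SPC-4, assumed)
RELATED_STANDARD = {0x32: "FIPS 140-2", 0x33: "FIPS 140-3"}  # ASCII '2' / '3'

def _ascii(field):
    """Decode a fixed-width ASCII field, dropping NUL/space padding."""
    return field.decode("ascii", errors="replace").strip("\x00 ")

def parse_compliance_info(buf):
    """Return the FIPS 140 descriptors found in SECURITY PROTOCOL IN data."""
    if len(buf) < 4:
        raise ValueError("buffer shorter than the 4-byte length header")
    (total,) = struct.unpack_from(">I", buf, 0)
    end = 4 + total
    if end > len(buf):
        raise ValueError("length field exceeds returned data (short transfer?)")
    found, off = [], 4
    while off < end:
        if end - off < 8:
            raise ValueError("truncated descriptor header")
        dtype, dlen = struct.unpack_from(">H2xI", buf, off)
        if off + 8 + dlen > end:
            raise ValueError("descriptor overruns the reported length")
        body = buf[off + 8 : off + 8 + dlen]
        if dtype == FIPS140_TYPE and dlen >= 0x208:
            found.append({
                "standard": RELATED_STANDARD.get(body[0], "unknown"),
                "level": chr(body[1]),              # ASCII '1'..'4'
                "hardware_version": _ascii(body[8:136]),
                "version": _ascii(body[136:264]),   # firmware version string
                "module_name": _ascii(body[264:520]),
            })
        off += 8 + dlen  # skip descriptor types this parser does not know
    return found

def build_sample():
    """Constructed parameter data; strings are placeholders, not drive output."""
    body = (b"2" + b"2" + bytes(6)
            + b"HW-PLACEHOLDER".ljust(128, b" ")
            + b"FW-PLACEHOLDER".ljust(128, b" ")
            + b"EXAMPLE CRYPTO MODULE".ljust(256, b" "))
    desc = struct.pack(">H2xI", FIPS140_TYPE, len(body)) + body
    return struct.pack(">I", len(desc)) + desc

if __name__ == "__main__":
    print(parse_compliance_info(build_sample()))
```

A drive whose reported versions do not appear on the certificate is running a configuration that the validation does not cover.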


All company names, product names and service names may be trademarks of their respective companies.

The views and opinions expressed in this blog are those of the author(s) and do not necessarily reflect those of KIOXIA America, Inc.
