Name: EC-Conference2024: FIPS 140-2 and 140-3 Explained with Critical Insights for Cryptographic Security and Compliance
Start: 2024-11-08T19:00:00Z
End: 2024-11-08T19:01:03.000Z
Location: BrightTALK
Rating: 4.5

We are the world's leading provider of applied cryptography.
Over 100 Fortune 500 corporations have sought our help in protecting their most sensitive data and solving the most complex problems. Through our products and professional services, you can strengthen your ability to protect cryptographic keys, digital certificates, software code signing, Certificate Lifecycle management, and more. We are committed to staying up-to-date with the latest technology trends, compliances, and best practices in data security, and we leverage this expertise to help our clients achieve their security goals.

The Cyber Resilience Act (CRA) is changing the game for anyone building connected products. Whether you’re creating IoT devices, embedded systems, or large-scale hardware platforms, you’re now expected to prove that your products stay secure from the moment they power on to the day they’re retired. That can feel overwhelming, but it doesn’t have to be.
 
In this webinar, we’ll walk you through how Secure Boot Signing, Firmware Signing, and HSM Integration work together to make CRA compliance not just achievable, but sustainable.
You’ll learn:
- How Secure Boot helps your devices start safely every single time by allowing only trusted firmware to run
- Why securely signing firmware updates is essential, and how it protects your customers from tampered or malicious software
- How HSMs keep your signing keys safe and eliminate risky manual processes that could put your compliance at risk
- How combining these three components gives you a clear, reliable roadmap to meeting CRA requirements with confidence
- Practical tips to strengthen your signing workflows without slowing down your engineering teams

Whether you’re already preparing for CRA or just starting to understand what it means for your products, this session will help you feel more confident, more informed, and more ready for what’s ahead.

A Unified Approach to CRA Compliance with Secure Boot Signing, HSM Integration, and Firmware Signing

In this video, we cut through the complexity to give you a clear, comparative look at the official PQC Roadmaps from the EU, Canada, and the UK. We highlight the urgent deadlines (2030 high-risk migration) and the six common pillars of strategy that apply directly to your business. Learn the mandatory first steps to successfully secure your long-lived data against the 'Harvest Now, Decrypt Later' threat.

Emerging Trends in PQC | How Nations Are Preparing for The Quantum Threat

Welcome back to the series! Part 2 moves from the core standards to essential strategy. We look into SLH-DSA (FIPS 205), the secure hash-based signature, and HQC, the powerful code-based backup scheme. The main focus is the Decision Matrix, which translates complex PQC math into real-world trade-offs like speed versus size for deployment. This is crucial information for building your quantum-safe roadmap. Follow us for all NIST updates!

New PQC Standards from NIST Explained (Part 02)

Welcome to Part 1 of our deep dive into the NIST PQC standardization project! In this video, we break down the two foundational standards replacing today's vulnerable encryption: FIPS 203, which standardizes ML-KEM for secure key exchange, and FIPS 204, which introduces ML-DSA for quantum-safe digital signatures. We explain the rigorous process that led to their selection, their core lattice-based designs, and how these algorithms will become the cornerstone of your organization's security against future quantum computer attacks. Stay tuned for Part 2, where we cover the important alternative algorithms and the practical user matrix!

New PQC Standards from NIST Explained (Part 01)

In the second part of our PQC series, we'll go beyond the basics of Post-Quantum Cryptography to reveal the key drivers pushing this monumental shift. From the "Harvest Now, Decrypt Later" threat to the global regulatory push from bodies like NIST and CISA, we'll explain why this transition is a necessity, not an option. Tune in to understand the forces shaping the next era of encryption.

Decrypting the Key Drivers Behind the PQC Shift

As part of our weekly PQC series video, we're cutting through the noise to get to the core of Post-Quantum Cryptography. You'll learn why the quantum threat is closer than you think, and why "Harvest Now, Decrypt Later" is the most critical concept in cybersecurity today. We'll demystify the new NIST-approved algorithms and share a clear, strategic roadmap for your organization to begin its PQC journey. Don't miss this essential guide to building a crypto-agile infrastructure that's ready for what's next.

Discover more about our PQC Advisory Series https://www.encryptionconsulting.com/services/post-quantum-cryptographic-advisory-services/

Understanding the Basics of Post Quantum Cryptography

Strong key management is essential as organizations expand into hybrid environments. Weak practices can lead to security gaps, compliance risks, and loss of visibility.
 
In this session, we’ll break down key management best practices, the biggest challenges, and ten reasons to adopt a centralized approach. You’ll also see how CipherTrust Manager simplifies operations, strengthens compliance, and secures sensitive data through scalable, unified management.

Implementing Key Management Best Practices

In an era of escalating cyber threats and the approaching quantum computing paradigm, simply knowing what cryptographic assets you possess isn't enough. True digital trust and enterprise resilience demand a sophisticated, strategic approach to cryptography that extends far beyond basic inventory. Many organizations face a critical gap between recognizing cryptographic use and effectively managing its inherent risks and opportunities.
 
Our webinar is ideal for organizations who are ready to move past reactive measures and embrace a truly proactive cryptographic strategy. Discover strategic imperatives and actionable frameworks necessary to:
- Uncover and mitigate hidden cyber risks stemming from unmanaged or misconfigured cryptography.
- Quantify and reduce balance sheet exposure by transforming cryptographic vulnerabilities into a controllable business risk.
- Develop a future ready strategy that intelligently anticipates and prepares for the quantum-safe transition.
- Transform cryptographic compliance from a burden into a robust pillar of your overall governance.

Beyond Visibility: Turning Crypto Inventory into a Strategic Advantage for the Quantum Era

As quantum threats grow closer to reality, cybersecurity leaders must prepare their cryptographic infrastructures for a post-quantum future. CNSA 2.0, introduced by the NSA, outlines a suite of cryptographic algorithms designed to protect National Security Systems (NSS) from both current and future attacks.
In this session, we break down what CNSA 2.0 means for you. From timelines and algorithm changes to hybrid cryptography and real-world implementation guidance, this webinar will equip you with the insights to transition securely and strategically.
Key Takeaways:
Understand what CNSA 2.0 is and how it differs from CNSA 1.0
Explore the approved algorithm suite including ML-DSA, ML-KEM, SHA-2, and SHA-3
Review transition timelines, adoption mandates, and enforcement mechanisms
Learn how hybrid cryptography plays a role during the transition
Get ahead of compliance requirements and vendor expectations
Discover how to build a crypto-agile code signing strategy aligned with CNSA 2.0
See how Encryption Consulting can support your PQC readiness journey

Introduction to CNSA 2.0- Inside the NSA’s Push for Quantum-Resistant Security

Certificate Lifecycle Management doesn’t live in isolation, it needs to integrate with every part of your digital ecosystem. From load balancers, web servers and cloud platforms to DevOps pipelines and ITSM tools, understanding how CLM connects to your environment is critical for scalability, automation, and resilience.
 
In this webinar, we’ll explore the integrations surrounding CLM. We’ll walk through common integration scenarios, share lessons from real-world deployments, and offer practical guidance to help you align your CLM strategy with your operational workflows and business goals.
 
Key Takeaways
- Learn how CLM integrates with key systems like ADCS, Public CAs such as Digicert, GlobalSign, etc, Azure, AWS, ServiceNow, SIEM 
- Understand common integration patterns and the trade-offs involved in each
- Discover the must-have integrations for automation, visibility, and compliance
- Explore use cases across DevOps, cloud, IoT, and enterprise IT environments
- Identify potential integration pitfalls and how to avoid them
- Gain a framework to evaluate CLM tools based on your existing infrastructure
- See how integration maturity impacts certificate risk and outage prevention

Navigating the Integration Maze of Certificate Lifecycle Management

The transition from FIPS 140-2 to FIPS 140-3 is an important step toward modernizing cryptographic security. While FIPS 140-2 validations remain in effect until September 21, 2026, moving to FIPS 140-3 ensures continued alignment with federal standards.

This webinar is designed to help organizations better understand what the transition means in practical terms. We'll cover the key differences between FIPS 140-2 and FIPS 140-3, outline what to expect during the transition process, and share best practices to help you plan ahead with confidence. Whether you’re at the beginning of your journey or already preparing, this session will provide the clarity and insights you need to move forward smoothly.

Key Takeaways:
- Get a clear understanding of the FIPS 140-3 transition timeline and what the 2026 milestone means for cryptographic modules.
- Learn the key technical and procedural differences between FIPS 140-2 and FIPS 140-3.
- Understand the potential challenges of using modules certified under older standards as the transition progresses.
- Gain insights on how to review your cryptographic environment and prepare for future certification requirements.
- Walk away with practical steps to begin planning your transition to FIPS 140-3 with clarity and confidence.

From FIPS 140-2 to 140-3: What You Need to Know Before Time Runs Out

With traditional digital signature algorithms nearing obsolescence in the face of new cryptographic demands, organizations must act now to modernize their software signing strategies. This webinar explores how MLDSA and LMS, two powerful post-quantum signature schemes can be implemented to secure critical applications, firmware, and digital code.

Join us to learn how to integrate these algorithms into your signing infrastructure, why hybrid signing workflows are key for smoother adoption, and what practical steps you can take to future-proof your digital trust model.   
 
Key Takeaways:
- Understand how MLDSA and LMS work and why they are well-suited for securing software in a post-quantum world
- Learn how to implement MLDSA with tools like HSMs, signer scripts, and validation utilities
- Explore how to deploy LMS using the PQSDK to protect long-life assets like firmware and embedded systems
- Discover how hybrid signing enables smoother transitions by supporting both classical and post-quantum signatures
- Gain practical insight into creating MLDSA and LMS key pairs, signing files, and verifying signatures
- Learn how these signature schemes can be integrated into existing code signing infrastructure with minimal disruption
- Understand how MLDSA and LMS support regulatory compliance and long-term cryptographic agility

Implementing MLDSA and LMS to Secure the Future of Software Code-Signing

With NIST’s selection of post-quantum algorithms now finalized and global timelines beginning to take shape, cryptographic change is no longer a distant concern. Organizations that rely on public-key infrastructure, code signing, or encrypted communications need to start preparing for this shift to ensure long-term resilience and compliance.

In this webinar, we’ll unpack what the transition to quantum-safe cryptography means in practical terms. From understanding algorithm deprecation to identifying impacted systems, you’ll gain clear guidance on how to begin or advance your journey toward crypto agility.

Whether you're managing certificates, building secure systems, or guiding organizational risk, this session will help you move forward with clarity and confidence.

Key Takeaways:

- Understand what the move to post-quantum cryptography means for RSA, ECC, and other current algorithms
- Learn how to identify and assess your cryptographic assets and dependencies
- Explore what a practical PQC readiness roadmap looks like
- Get insight into the latest NIST algorithm selections and timelines
- Discover ways to reduce disruption while building toward quantum-safe infrastructure

Planning for Algorithm Deprecation and PQC Migration Across Your Cryptographic Infrastructure

As quantum computing advances, traditional encryption methods face increasing risks of becoming obsolete. This session explains why current cryptography is vulnerable and how Post-Quantum Cryptography provides a solution. You’ll learn about the key quantum threats, emerging PQC algorithms, and a clear readiness framework to assess and plan your transition. We cover the PQC maturity model, implementation timeline, migration challenges, and how Encryption Consulting can support your journey to quantum-safe security. By the end, you’ll have a concise roadmap to prepare your organization for a secure cryptographic future.

Your Post Quantum Cryptography Readiness Framework

Digital certificates are essential for secure communication, but when they expire or go unmanaged, they can bring your systems to a halt. Certificate-related outages have disrupted major organizations, leading to downtime, revenue loss, and reputational damage.

In this webinar, you’ll learn why certificate management must be part of your business continuity strategy. We’ll explore proactive approaches like automated renewals, disaster recovery planning, redundant certificate authority (CA) setups, and real-time alerting. Learn from real-world failures and discover how leading organizations avoided or recovered from outages through smarter certificate lifecycle management.

Key Takeaways:

 - Understand the critical role of certificate management in ensuring uptime and business continuity.
 - Learn how automation, renewal policies, and alerting can help prevent unexpected expirations.
 - Discover how to build resilience with disaster recovery plans and redundant CA configurations.
 - Analyze real-world outages caused by expired certificates and identify potential preventive measures.
 - Gain expert strategies for maintaining compliance and avoiding future certificate-related disruptions.

Your Guide To Preventing Certificate Outages & Maintaining Business Continuity

Code-signing is a critical pillar of software trust and security, yet it's often overlooked until a breach occurs. In this webinar, we’ll explore why securing your code-signing process is essential to maintaining software integrity, preventing unauthorized modifications, and protecting your reputation.

Learn about the most common vulnerabilities in code-signing workflows, the role of strong key management and HSMs, and how real-world breaches could have been prevented. Through actionable insights and practical examples, you'll discover how to implement a secure and scalable code-signing strategy.

Key Takeaways:

 - Understand the critical role of code-signing in software authenticity and integrity.
 - Identify common pitfalls and vulnerabilities in code-signing workflows.
 - Learn how to implement secure key storage using HSMs and best-in-class key management practices.
 - Analyze real-world incidents to uncover how weak code-signing led to breaches.
 - Gain actionable steps to build a scalable, secure, and automated code-signing strategy.

What You Don't Protect In Code-Signing Will Impact You

In this video, we explore the importance of FIPS 140-3 compliance, breaking down how organizations can meet these standards to enhance data security, reduce risk, and stay ahead of evolving threats. From assessing cryptographic policies to implementing validated encryption modules, we cover key steps to achieving compliance while ensuring long-term security and business continuity.

FIPS 140-3 | Compliance Framework

The NIS 2 Directive is set to reshape cybersecurity requirements across the EU, impacting a wide range of organizations. In this video, we break down what NIS 2 is, who it applies to, and the key compliance measures you need to know. From stricter incident reporting to enhanced supply chain security, we’ll cover the most critical aspects of the directive and what steps businesses should take to prepare. Stay ahead of compliance challenges and strengthen your security posture with this essential overview.

Navigating the NIS 2 Directive: Key Insights and Implications

It's time for organizations to transition from FIPS 140-2 to 140-3. The new FIPS 140-3 compliance comes with new security requirements, and every security requirement requires multiple measures that have to be taken into consideration for an effective transition. This session provides a detailed overview of the FIPS 140-2 and FIPS 140-3 frameworks, focusing on security requirements, levels, and key changes. Learn how to navigate the implementation process, understand critical terminologies, and prepare for FIPS 140-3 compliance.
 
Key Takeaways:
- Overview of FIPS 140-2 and FIPS 140-3 standards
- Key differences and changes introduced in FIPS 140-3
- Understanding security levels and scope of requirements
- Steps for transitioning from FIPS 140-2 to FIPS 140-3
- Practical insights for ensuring cryptographic compliance and security

EC-Conference2024: FIPS 140-2 and 140-3 Explained with Critical Insights for Cryptographic Security and Compliance

FIPS

FIPS 140-2

FIPS 140-3

FIPS Compliance

Regulatory Compliance

Compliance

Cybersecurity

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

EC-Conference2024: FIPS 140-2 and 140-3 Explained with Critical Insights for Cryptographic Security and Compliance

Presented by

About this talk

Encryption Consulting LLC