Geotab achieves FIPS 140-2 validation for GO devices
Geotab becomes first telematics company to achieve FIPS 140-2 validation for its telematics device.
Geotab is pleased to announce an important milestone for our company and the telematics industry. The Geotab GO device cryptographic library has achieved FIPS 140-2 validation. The validation certificate can be viewed online at NIST Computer Security Resource Center (Certificate #3371).
Receiving FIPS 140-2 validation means that the cryptographic library on the GO fleet tracking device has passed the strict requirements and testing imposed by the U.S. Government and the Government of Canada. Read the full press release here.
Geotab becomes first telematics company to achieve validation
This is a significant step for Geotab, the telematics industry and the IoT industry as a whole. Geotab has become the first telematics company to achieve a FIPS 140-2 validated cryptographic library for a telematics device.
With this validation, Geotab joins an elite group of global leaders in security technology such as Microsoft, Apple, Google and Cisco, who have also achieved FIPS 140-2 validation.
See also: Federal Fleet Manager Cybersecurity Considerations for Telematics
What is FIPS 140-2 validation?
FIPS 140-2 validation is the benchmark for cryptographic modules protecting sensitive information in computer and telecommunication systems for the U.S. Government, Canadian Government, and military use.
The Federal Information Processing Standards (FIPS), are the standards and guidelines for federal computer systems. FIPS validation is administered by the Cryptographic Module Validation Program (CMVP), which is jointly operated by the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of Canada.
FIPS 140-2 validation underpins the security of much of the information technology that we encounter in our daily lives.
Cryptography, in general, is fundamental to the protection of personal and sensitive information. Encryption, or the process of randomizing/disguising information based on a secret code, shared secret, or key, where only the intended recipient can reverse the encryption in order to see the original information, has been used since ancient times. Today, with so much data being generated and transmitted (Domo estimates it to be 2.5 quintillion bytes per day), encrypting data for privacy and security is more important than ever.
Security benefit for Geotab-connected fleets
Geotab customers do not need to take any action related to this announcement. Geotab is in the process of rolling out this new cryptographic library to all GO devices through Geotab’s secured Over The Air (OTA) firmware update.
Whether you monitor five heavy trucks or a fleet of a hundred thousand vehicles, your business critical telematics data is going to continue to be protected. The FIPS 140-2 validated cryptographic library means that data is securely encrypted when stored on a GO device, and securely encrypted when transmitted from the GO device to the MyGeotab solution.
Visit Geotab’s Security Center for more info
FIPS 140-2 validation is just one part of a Geotab’s overall security program. You can read more about Geotab's Technical and Organizational Data Security Measures (TOMS), Geotab's commitment to a Secure Software Development Life Cycle (SSDLC), and view the details of our Responsible Disclosure program in the Geotab Security Center.
Geotab's security program continues to grow and evolve. To stay up-to-date on Geotab security, telematics security, and fleet best practices, sign up for the Geotab monthly newsletter.
Read more on security:
Securing the Future of Connected Mobility
15 Security Recommendations for Building a Telematics Platform Resilient to Cyber Threats
Best Practices for Cybersecurity Management in Telematics [white paper]
A Quick History of Vehicle Cybersecurity
If you liked this post, let us know!
Ryan Brander is an Associate Vice President, Security for Geotab.
Geotab's blog posts are intended to provide information and encourage discussion on topics of interest to the telematics community at large. Geotab is not providing technical, professional or legal advice through these blog posts. While every effort has been made to ensure the information in this blog post is timely and accurate, errors and omissions may occur, and the information presented here may become out-of-date with the passage of time.
Subscribe to the Geotab Blog
Sign up for monthly news and tips from our award-winning fleet management blog. You can unsubscribe at any time.
Other posts you might like
ELD self-certification: What you need to know
Get answers to frequently asked questions about ELD self-certification.
April 15, 2021
A five-step sanctions-control action plan for the telematics industry
Recent U.S. sanctions enforcement action has lessons for telematics providers.
April 9, 2021
ELD data transfer options for Geotab Drive
Learn how to perform ELD data transfers at inspection sites with Geotab Drive.
April 6, 2021