ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During due diligence for moving a public key infrastructure (PKI) workload to a public cloud, your compliance team states that all modules containing root CA private keys must be validated to at least FIPS 140-2 Level 3. The cloud provider claims its multitenant hardware security modules (HSMs) satisfy this requirement. To confirm the claim with minimal additional testing effort, which single piece of evidence should you request from the provider?
A recent SOC 2 Type II report that includes the Trust Services Criteria for Security and Confidentiality
A Common Criteria Evaluation Assurance Level 4+ certificate for the HSM hardware
The cloud provider's ISO/IEC 27001:2013 certification scope statement covering its key management service
A CMVP validation certificate listing the HSM hardware and firmware as FIPS 140-2 Level 3 compliant
FIPS 140-2 is a U.S. and Canadian government standard that requires independent laboratory testing of cryptographic modules. When a product successfully completes testing, it is listed on the NIST/CCCS CMVP validated modules list and issued an official certificate that identifies the vendor, module name, version and the security level (Levels 1-4). Requesting that certificate immediately shows whether the exact HSM hardware and firmware version you will rely on is validated to Level 3, with no additional testing on your part.
A Common Criteria EAL4+ certificate is a different international evaluation scheme that does not attest to FIPS 140-2 compliance. ISO/IEC 27001 certification and SOC 2 Type II reports address organizational controls, not detailed cryptographic module validation, and therefore do not prove that the HSM itself meets FIPS 140-2 Level 3 requirements.
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design