A week after the US government passed a law banning Hikvision, Hikvision announced it had obtained a FIPS 140-2 certification from the US government, touting it as "another important milestone in Hikvision's cybersecurity program."
Many rightfully wondered: Had the US government changed its mind? Is the US government contradicting itself? Is Hikvision now backdoor free?
Here are key findings from our research:
- The certification neither covers nor addresses backdoors or cybersecurity vulnerabilities.
- Hikvision has, without disclosing it, rebranded the widely used open source OpenSSL as 'HikSSL' for the certification.
- The 15+ year-old specification is rarely, if ever, required by US government agencies for video surveillance.
- While the move is a marketing one, for Hikvision it is money well spent to help bolster its brand, especially with its supporters and employees.
Inside, we examine each of these points in depth.