Our FIPS 140 Services

We offer FIPS 140 testing, consulting, and training services. We are looking forward to guiding you through a successful FIPS certification project!

Our FIPS Experience

Our laboratory is accredited by the National Institute of Standards and Technology (NIST) National Voluntary Laboratory Accreditation Program (NVLAP Laboratory Code 200968-0). We are accredited to perform FIPS 140-2, FIPS 140-3 and Cryptographic Algorithm testing.

Advanced Data Security has successfully completed a number of FIPS 140 and Algorithm testing projects for our customers including Qualcomm, Samsung, Broadcom, Intel, Lawrence Livermore National Laboratory, Palo Alto Networks, Marvell, Supermicro, Silver Peak/Aruba, Analog Devices, Box, Ruckus / Commscope, AMD Pensando, A10 Networks, Cloudian, Versa Networks, Attivo Networks / SentinelOne, CipherCloud /Lookout, Acronis, Fortanix, Maxlinear and others.

What are FIPS 140-2 and FIPS 140-3?

FIPS 140-2 and FIPS 140-3, Security Requirements for Cryptographic Modules, were issued by the National Institute of Standards and Technology, Computer Security Division (NIST). FIPS 140-3 is a new, modified version of FIPS 140-2. The standard specifies the security requirements that will be satisfied by a cryptographic module. The standard provides four increasing, qualitative levels of security: Level 1 through Level 4. This standard is applicable to all Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems. Products validated as conforming to FIPS 140-2 and FIPS 140-3 are accepted by the Federal agencies of both U.S. and Canada for the protection of sensitive information.

The Cryptographic Module Validation Program (CMVP) is a joint effort between NIST and the Communications Security Establishment of the Government of Canada (CSEC). CMVP validates cryptographic modules to Federal Information Processing Standard (FIPS) 140-2, FIPS 140-3 and other cryptography based standards.

The text of FIPS 140-3, Security Requirements for Cryptographic Modules, can be found here and here.

Why Certify the Product?

FIPS 140-2 and FIPS 140-3 standards are mandatory requirements. Any U.S. Federal Government agency that uses cryptographic-based security systems to protect sensitive data in computer or other systems must only use FIPS 140-2 or FIPS 140-3 certified cryptographic modules. Therefore, any such product sold to the Federal Government must be FIPS certified.

Another very important reason to certify the product is to assure your customers that your cryptographic module meets rigorous security requirements of the FIPS standard.