What is FIPS 140-2?

FIPS 140-2, Security Requirements for Cryptographic Modules, was issued by the National Institute of Standards and Technology, Computer Security Division (NIST). The standard specifies the security requirements that will be satisfied by a cryptographic module. The standard provides four increasing, qualitative levels of security: Level 1 through Level 4. This standard is applicable to all Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems. Products validated as conforming to FIPS 140-2 are accepted by the Federal agencies of both U.S. and Canada for the protection of sensitive information.

The Cryptographic Module Validation Program (CMVP) is a joint effort between NIST and the Communications Security Establishment of the Government of Canada (CSEC). CMVP validates cryptographic modules to Federal Information Processing Standard (FIPS) 140-2 and other cryptography based standards.

The text of FIPS 140-2, Security Requirements for Cryptographic Modules, can be found here.

Our FIPS 140-2 Services

We offer FIPS 140-2 testing, consulting, and training services. We are looking forward to guiding you through a successful FIPS certification project!

Why Certify the Product?

FIPS 140-2 is a mandatory requirement. Any U.S. Federal Government agency that uses cryptographic-based security systems to protect sensitive data in computer or other systems must only use FIPS 140-2 or FIPS 140-1 certified cryptographic modules. Therefore, any such product sold to the Federal Government must be FIPS certified.

Another very important reason to certify the product is to assure your customers that your cryptographic module meets rigorous security requirements of the FIPS standard.

You may find a list of Validated Modules here and the list of Modules in Process here.