FIPS 140 / FIPS 140-3
What is FIPS 140 / FIPS 140-3?
FIPS 140 / FIPS 140-3: US federal standard, maintained by NIST, that defines security requirements for cryptographic modules and their certification through accredited labs.
FIPS 140 is the family of US federal information-processing standards (FIPS 140-2 and the current FIPS 140-3, aligned with ISO/IEC 19790) that specify security requirements for cryptographic modules: approved algorithms, role-based authentication, key management, self-tests, physical security, side-channel resistance, and operating environment. Modules are validated by accredited CMVP labs at one of four security levels, from Level 1 (software with approved algorithms) to Level 4 (full envelope tamper detection). FIPS 140 is mandatory for cryptography handling US federal data and is widely required by FedRAMP, DoD, financial regulators, healthcare, and many enterprise buyers globally.
● Examples
- 01 An HSM validated under FIPS 140-3 Level 3 used to protect a root CA private key.
- 02 A FIPS 140-2 Level 1 validated TLS library required for selling to US federal agencies.
● Frequently asked questions
What is FIPS 140 / FIPS 140-3?
US federal standard, maintained by NIST, that defines security requirements for cryptographic modules and their certification through accredited labs. It belongs to the Cryptography category of cybersecurity.
What does FIPS 140 / FIPS 140-3 mean?
US federal standard, maintained by NIST, that defines security requirements for cryptographic modules and their certification through accredited labs.
How do you defend against FIPS 140 / FIPS 140-3?
FIPS 140 / FIPS 140-3 is a standard rather than a threat, so there is nothing to defend against; the technical controls and operational practices it requires of cryptographic modules are detailed in the full definition above.
What are other names for FIPS 140 / FIPS 140-3?
Common alternative names include: FIPS 140-2, FIPS 140-3.