The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2), commonly referred as FIPS 140-2, is a US government computer security standard used to validate cryptographic modules. FIPS 140-2 was created by theNISTand, per theFISMA, is mandatory for US and Canadian government procurements. Many global organizations are also mandated to meet this standard.
[It] provides a standard that will be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module.
… The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.
Certification Authorities
The US NIST (National Institute of Standards and Technology) and Canadian CSE (Communications Security Establishment) jointly participate as certification authorities in the CMVP (Cryptographic Module Validation Program) to provide validation of cryptographic modules to the FIPS 140-2 standard.
FIPS (Federal Information Processing Standard) 140-2
FIPS (Federal Information Processing Standard) 140-2
The Federal Information Processing Standard Publication 140-2, (FIPS PUB 140-2), is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001, and was last updated December 3, 2002.
is the benchmark for validating the effectiveness of cryptographic hardware. If a product has a FIPS 140-2 certificate you know that it has been tested and formally validated by the U.S. and Canadian Governments.
To achieve FIPS 140-2 validation or certification, all components of a security solution, including both hardware and software, must undergo testing and approval by one of the NIST-accredited independent laboratories.
The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard that defines minimum security requirements for cryptographic modules in information technology products, as defined in Section 5131 of the Information Technology Management Reform Act of 1996.
How to tell if it's real FIPS 140-2. The easiest way to determine if your CSP is FIPS 140-2 certified is to check the NIST Cryptographic Module Validation Program (CMVP) website. Click here to search for a company's name in NIST's Validated Modules database.
FIPS (Federal Information Processing Standard) 140-2 is the benchmark for validating the effectiveness of cryptographic hardware. If a product has a FIPS 140-2 certificate you know that it has been tested and formally validated by the U.S. and Canadian Governments.
A security system that's FIPS certified is likely to provide greater data security than one that's FIPS compliant. Companies that advertise FIPS-certified systems typically provide safer products, as only systems that pass rigorous testing receive validation from NIST-approved labs and receive a FIPS certification.
FIPS compliance means a product meets all the necessary security requirements established by the U.S. government for protecting sensitive information. To be FIPS-compliant, a product must adhere to rigid standards, pass rigorous testing, and be certified by NIST.
Alternative cryptography standards to FIPS 140-2 that can be used as a substitute include AES (Advanced Encryption Standard), Camellia, and Serpent. However, each of these other options comes with its own set of pros and cons, so it is important to select the one that best serves the purpose.
The U.S. federal government's transition to the FIPS 140-3 cryptography standard has begun, with NIST announcing that all FIPS 140-2 certificates will be retired in September 2026.
FIPS (Federal Information Processing Standards) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. Learn More.
Access the printer's Embedded Web Server and log in as a System Administrator. From your computer or network-connected device (on the same network as the printer) open a Web browser. ...
Encrypting data in motion is straightforward: Valid encryption processes must “comply with the requirements of Federal Information Processing Standards (FIPS) 140–2.” While there are many technical requirements involved, finding a vendor that offer products that are FIPS 140-2 compliant, is the solution.
FIPS 140-2 required modules to support a crypto officer role and a user role, with an optional maintenance role. In FIPS 140-3, the crypto officer role is the only required role. For levels 1-3, FIPS 140-2 and 140-3 are fairly similar. However, FIPS 140-3 requires multi-factor authentication at Level 4.
FIPS are standards for federal computer systems that are developed by the National Institute of Standards and Technology (NIST) and approved by the Secretary of Commerce in accordance with the Information Technology Management Reform Act of 1996 and Computer Security Act of 1987.
Enhances data protection: FIPS sets high standards, which are necessary to protect data. Federal government agencies store, use and share large amounts of sensitive information across different devices and systems, and it's only reasonable to put the best possible security measures in place.
Access the printer's Embedded Web Server and log in as a System Administrator. From your computer or network-connected device (on the same network as the printer) open a Web browser. ...
The U.S. federal government's transition to the FIPS 140-3 cryptography standard has begun, with NIST announcing that all FIPS 140-2 certificates will be retired in September 2026.
The standard specifies key generation, storage, and transmission requirements to ensure that cryptographic keys are protected from unauthorized access or tampering. This includes requirements for secure key storage, secure key transmission, and the use of secure key escrow processes.
FIPS 140-2 certification ensures that cryptographic modules meet the highest levels of security and confidentiality so organizations better mitigate the risk of unauthorized access to confidential information like CUI, CDI, and FCI.
Address: Suite 769 2454 Marsha Coves, Debbieton, MS 95002
Phone: +813077629322
Job: Real-Estate Executive
Hobby: Archery, Metal detecting, Kitesurfing, Genealogy, Kitesurfing, Calligraphy, Roller skating
Introduction: My name is Gov. Deandrea McKenzie, I am a spotless, clean, glamorous, sparkling, adventurous, nice, brainy person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.