info@pensec.org
+1 (503) 850-4999
Home / FIPS1403

FIPS 140-3

The Federal Information Processing Standard (FIPS) was established in 1996 under the Information Technology Reform Act and the Computer Security Act and became the responsibility of the National Institute of Standards and Technology (NIST). NIST author and develop the respective FIPS standards and guidelines. FIPS 140-1, FIPS 140-2 and FIPS 140-3 standards were developed to be used by Federal organizations that utilize cryptographic-based security systems for the protection of sensitive but unclassified information. This information is protected utilizing a cryptographic module. FIPS 140-3 provides four increasing security levels (1 - 4) and accommodates various module types (e.g. hardware, software, etc.). It mandates requirements for the secure design and implementation of a cryptographic module covering the following domains:

  • Cryptographic Module Specification
  • Cryptographic Module Interfaces
  • Roles, Services, and Authentication
  • Software/Firmware Security
  • Operational Environment
  • Physical Security
  • Non-Invasive Secuirity
  • Sensitive Security Parameter Management
  • Cryptographic Algorithm and Module Self-Testing
  • Lifecycle Assurance
  • Mitigation of other Attacks

The Cryptographic Module Validation Program (CMVP) validates cryptographic modules to FIPS 140-3 and other cryptographic based standards. The CMVP is a collaboration between the United States and Canada. Products validated as conforming to FIPS 140-3 are accepted by the Federal agencies of both countries. Cryptographic modules are conformance tested by independent, accredited testing laboratories. Testing reports are submitted to the CMVP for validation and the issuance of a certification. The National Voluntary Laboratory Accreditation Program (NVLAP) accredits laboratories to perform cryptographic module conformance testing.

Penumbra Security is accredited under NVLAP (Laboratory Code 200983-0) for test methods for FIPS 140-2 Levels 1-4, Security Requirements for Cryptographic Modules, and for testing of Approved security functions.

Penumbra also offers evaluations to the ISO/IEC 19790 second edition 2012 08 15 Information technology – Security techniques – Security requirements for cryptographic modules.

Notices

10/07/22 - FIPS 140-3 IG (Release) 03/20/20 - SP 800-140 (Release) 7/23/19 - NIST SP 800-133 5/23/19 - NIST SP 800-57 Pt2 5/1/19 - FIPS 140-3 Signed 3/21/19 - NIST SP 800-131A 3/21/19 - NIST SP 800-56B

Events

ICEU Cybersecurity 2023 ICMC 2023

Links

CMVP CAVP MIPS List FIPS 140

We Look Forward To Hearing From You.

Enquire Now