Technologies

What is the FIPS 140-2 Standard?

Definition: The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptographic modules, providing four increasing qualitative levels intended to cover a wide range of potential applications and environments. The NIST created FIPS 140-2, which is required for US and Canadian government procurements in accordance with the Federal Information Security Management Act (FISMA).

Explanation

FIPS 140-2 Standard explained

The 140 series of FIPS are the standards that deal with computer cryptographic modules, which involves both hardware and software components used by the departments and agencies of the United States Federal Government. FIPS 140-2 is the current industry standard. FIPS 140-2 provides regulations for physical tamper-resistance, role-based authentication, and physical and logical separation of interfaces through which “critical security parameters” pass.

FIPS 140-2 has four levels, each of which is more stringent than the one before it:

  • FIPS 140-2 Level 1 the lowest, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
  • FIPS 140-2 Level 2 adds requirements for physical tamper-evidence and role-based authentication.
  • FIPS 140-2 Level 3 adds requirements for physical tamper-resistance (making it difficult for attackers to gain access to sensitive information contained in the module) and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces.
  • FIPS 140-2 Level 4 makes the physical security requirements more stringent, and requires robustness against environmental attacks.

To certify a cryptographic module such as an HSM, private vendors must first undergo a series of FIPS testing by an independent, accredited Cryptographic and Security Testing (CST) laboratory, such as the National Voluntary Lab Accreditation Program.

Utimaco has validated various cryptographic modules against the FIPS 140-2 standard.

Blog posts

Blog posts

Introductiuon into hsm
Blog post

Introduction to hardware security modules (HSM): “FIPS 140-2 tested and certified”
News & Events
Press release

Utimaco achieves FIPS 140-2 Level 3 validation for u.trust Anchor, its next generation Root-of-Trust HSM platform
eskm stage safe door
Blog post

FIPS Certified Encryption Keys for Federal Cybersecurity

blog-technical-and-financial-advantages-of-permissioned-blockchains
Blog post

The Key Role of HSMs in Secure Permissioned Blockchains for Banking and Payment Services
Related products

Related products

utrust-anchor-csar

u.trust Anchor CSAR

financial-service-hsm-atalla-at1000

Atalla AT1000

Hsm

Block-safe
hsm-key-management-eskm

Enterprise Secure Key Manager (ESKM)

key-bridge-poi

KeyBRIDGE POI
key-bridge-token

KeyBRIDGE TokenBRIDGE

Contact us

We look forward to answering your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      Your collection of download requests is empty. Visit our Downloads section and select from resources such as data sheets, white papers, webinar recordings and much more. 

      Downloads

       

      How can we help you futher?

      0