What is the FIPS 140-2 Standard?

Definition: The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptographic modules, providing four increasing qualitative levels intended to cover a wide range of potential applications and environments. The NIST created FIPS 140-2, which is required for US and Canadian government procurements in accordance with the Federal Information Security Management Act (FISMA).


FIPS 140-2 Standard explained

The 140 series of FIPS covers cryptographic modules, including both the hardware and software components, used by the departments and agencies of the United States Federal Government. FIPS 140-2 is the current industry standard. FIPS 140-2 sets requirements for physical tamper-resistance, role-based authentication, and physical and logical separation of the interfaces through which “critical security parameters” pass.

FIPS 140-2 has four levels, each of which is more stringent than the one before it:

  • FIPS 140-2 Level 1, the lowest, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
  • FIPS 140-2 Level 2 adds requirements for physical tamper-evidence and role-based authentication.
  • FIPS 140-2 Level 3 adds requirements for physical tamper-resistance (making it difficult for attackers to gain access to sensitive information contained in the module) and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces.
  • FIPS 140-2 Level 4 makes the physical security requirements more stringent, and requires robustness against environmental attacks.

To certify a cryptographic module such as an HSM, private vendors must first undergo a series of FIPS tests by an independent, accredited Cryptographic and Security Testing (CST) laboratory, such as the National Voluntary Laboratory Accreditation Program.

Utimaco has validated various cryptographic modules against the FIPS 140-2 standard.
