Federal Information Processing Standards (FIPS) 140 is a U.S. standard for the security of cryptographic modules. It includes a broad set of security requirements covering everything from the physical security, cryptographic key management, roles and services, and cryptographic algorithm implementation that must be met before the cryptographic module can be approved as “validated”.
A cryptographic module includes all the hardware, software, and firmware components within a specified boundary that perform cryptographic operations. Examples of cryptographic modules are computer chips, cryptographic cards that go in a server, security appliances, and software libraries. A cryptographic module may, or may not, be the same as a sellable product. For example, a computer server doing cryptographic operations might have an internal crypto card that is the actual FIPS 140 validated crypto module
Certificate Number | Module Name | Security Level |
Authentication | ||
Safeword3300 Platinum V2F | FIPS 140-3 | |
IDCore 3230/230 Platforn | FIPS 140-3 | |
eToken 5300 | FIPS 140-2 Level 2. Applicable to CipherTrust k160 | |
IDPrime 3930 FIDO | FIPS 140-2 Level 2 | |
eToken 5110+ FIPS | FIPS 140-2 Level 3 | |
eToken 5110+ FIPS | FIPS 140-2 Level 2 | |
IDPrime 930 / 3930 | FIPS 140-2 Level 3 | |
IDPrime PIV v3.0 Applet on IDCore 3130 Platform | FIPS 140-2 Level 2 | |
IDCore 3130 Platform | FIPS 140-2 Level 3 | |
HID Global ActivID Applet Suite v2.7.4 on Gemalto TOPDLv2.1 | FIPS 140-2 Level 2 | |
eToken 5110 | FIPS 140-2 Level 3. Applicable to KeySecure G160 | |
CipherTrust Data Security Platform | ||
CipherTrust Transparent Encryption Cryptographic Module | FIPS 140-3 | |
Thales CipherTrust Application Data Protection CryptoAPI (CADP CryptoAPI) Module | FIPS 140-2 Level 1. CipherTrust Data Security Platform | |
Thales CipherTrust Manager Core Security Module | FIPS 140-2 Level 1. Applicable for CipherTrust Manager | |
Thales CipherTrust Cryptographic Provider (CCP) | FIPS 140-2 Level 1 | |
CipherTrust Transparent Encryption Cryptographic Module | FIPS 140-2 Level 1. Applicable for Vormetric Transparent Encryption (VTE) and CipherTrust Transparent Encryption (CTE) offerings | |
Luna T7 Cryptographic Module | FIPS 140-2 Level 3. Applicable for T-2000 and T-5000 models of the Luna Network HSM and Luna PCIe HSM. Applicable to TCT version of CipherTrust k570 | |
SafeNet Cryptovisor K7 Cryptographic Module | FIPS 140-2 Level 3. Applicable for Thales Data Protection on Demand (DPOD). DPOD is an integration option with CipherTrust Manager | |
Thales Luna K7 Cryptographic Module | FIPS 140-2 Level 3. Applicable for Luna HSM 7 A-Series and S-Series models of the Luna Network HSM and Luna PCIe HSM. Applicable to CPL version of CipherTrust k570 | |
eToken 5300 | FIPS 140-2 Level 2. Applicable to CipherTrust k160 | |
Hardware Security Modules | ||
Luna M7 Cryptographic Module | FIPS 140-3 | |
ProtectServer PCIe HSM 3 | FIPS 140-3 | |
Thales Luna K7 Cryptographic Module | FIPS 140-3 | |
Thales Luna G7 Cryptographic Module | FIPS 140-3 | |
Thales Cryptovisor K7+ Cryptographic Module | FIPS 140-2 Level 3 | |
Thales Cryptovisor K7 Cryptographic Module | FIPS 140-2 Level 3 | |
Thales Luna Backup HSM Cryptographic Module | FIPS 140-2 Level 3 | |
ProtectServer PCIe HSM 3 | FIPS 140-2 Level 3 | |
Thales Luna K7 Cryptographic Module | FIPS 140-2 Level 3 | |
Luna T7 Cryptographic Module | FIPS 140-2 Level 3. Applicable for T-2000 and T-5000 models of the Luna Network HSM and Luna PCIe HSM. Applicable to TCT version of CipherTrust k570. | |
SafeNet Cryptovisor K7 Cryptographic Module | FIPS 140-2 Level 3. Applicable for Thales Data Protection on Demand (DPOD). DPOD is an integration option with CipherTrust Manager. | |
Thales Luna K7 Cryptographic Module | FIPS 140-2 Level 3. Applicable for Luna HSM 7 A-Series and S-Series models of the Luna Network HSM and Luna PCIe HSM. Applicable to CPL version of CipherTrust k570. | |
Luna G5 Cryptographic Module | FIPS 140-2 Level 3 | |
Luna PCI-E Cryptographic Module & Luna PCI-E Cryptographic Module for Luna SA | FIPS 140-2 Level 3 for PCI-E HSM, and embedded PCI-E in Luna SA HSM and KeySecure G460 | |
Luna PCI-E Cryptographic Module & Luna PCI-E Cryptographic Module for Luna SA | FIPS 140-2 Level 2 for PCI-E HSM, and embedded PCI-E in Luna SA HSM | |
Luna G5 Cryptographic Module | FIPS 140-2 Level 2 | |
Luna Backup HSM Cryptographic Module | FIPS 140-2 Level 3 | |
Network Encryptors | ||
CE Crypto Module | FIPS 140-3 Level 1 | |
CN Series Encryptors | FIPS 140-3 Level 3 | |
CN6000 Series Encryptors | FIPS 140-2 Level 3 | |
CN Series Encryptors | FIPS 140-2 Level 3 | |
Vormetric Data Security Platform | ||
HSM card within Vormetric Data Security Manager (V6100) | Embedded FIPS 140-2 Level 3 HSM provides additional layer of security to Vormetric Data Security Manager. | |
Vormetric Data Security Manager Virtual Appliance Module | FIPS 140-2 Level 1 | |
Vormetric Data Security Manager Module (V6000) | FIPS 140-2 Level 2 | |
Vormetric Application Encryption Module | FIPS 140-2 Level 1 | |
KeySecure for Government | ||
eToken 5110 | FIPS 140-2 Level 3. Applicable to KeySecure G160. | |
Luna PCI-E Cryptographic Module & Luna PCI-E Cryptographic Module for Luna SA | FIPS 140-2 Level 3 for PCI-E HSM, and embedded PCI-E in Luna SA HSM and KeySecure G460 | |
SafeNet Software Cryptographic Library | FIPS 140-2 Level 1 for SSCL component in the KeySecure and Connector product lines | |
NIST Special Publication 800-53 Rev. 4
NIST Special Publication 800-53 Rev. 4 outlines Security Controls and Assessment Procedures for Federal Information Systems and Organizations. Control SC-13 Cryptographic Protection in SP800-53 calls out for cryptographic protection and states that generally applicable cryptographic standards include FIPS-validated cryptography (i.e. use of FIPS 140-2 validated crypto modules) or NSA-approved cryptography. There are a number of other controls such SC-28 Protection of Information at Rest, SC-8 Transmission Confidentiality, and IA-7 Cryptographic Module Authentication that are often tailored to require the use of cryptography and thus trace back to SC-13 and the requirement for a FIPS 140-2 validated module.
Department of Defense Information Network Approved Product List (DoDIN APL)
The DoDIN APL process guide states that all products providing cryptographic-based security per applicable Federal Law and STIG requirements must be certified to FIPS 140-2 standards per the Cryptographic Module Validation Program (CMVP). Products that are required to have a FIPS 140-2 certification must already be FIPS 140-2 certified or proven to be in process for FIPS 140-2 certification prior to being accepted into the DoDIN APL process.
Federal Information Security Management Act (FISMA)
FISMA includes a requirement to utilize security controls and state that organizations must meet the minimum security requirements by selecting the appropriate security controls and assurance requirements as described in NIST SP800-53. It also states that FIPS 140-2 encryption is considered an appropriate control to protect data in all states (i.e. at rest, in motion) and for all types of applications (e.g. data storage, transmission between systems, remote access, wireless access, etc.).
Federal Risk and Authorization Management Program (FedRAMP)
FedRAMP Security Controls outlines specific security controls that Cloud Service Providers (CSPs) must adhere to when providing cloud-based services to the government. These controls are for the use of encryption for access control, encryption of data at rest, data separation, storage media sanitization, and the use of FIPS 140-2 cryptography.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) recommends products certified for the FIPS 140-2 encryption standard to protect healthcare data.
Commercial Solutions for Classified (CSfC)
CSfC specifies that the vendor’s product must be, among other things, FIPS certified, and that CSfC components must have completed CAVP testing.