Federal Information Processing Standards (FIPS) 140-2 is a U.S. standard for the security of cryptographic modules. It includes a broad set of security requirements covering everything from the physical security, cryptographic key management, roles and services, and cryptographic algorithm implementation that must be met before the cryptographic module can be approved as “validated”.
A cryptographic module includes all the hardware, software, and firmware components within a specified boundary that perform cryptographic operations. Examples of cryptographic modules are computer chips, cryptographic cards that go in a server, security appliances, and software libraries. A cryptographic module may, or may not, be the same as a sellable product. For example, a computer server doing cryptographic operations might have an internal crypto card that is the actual FIPS 140-2 validated crypto module.
The Commercial Solutions for Classified (CSfC) Program is a process that enables commercial products to be used in layered solutions to protect classified information while speeding up the deployment timeline so that a solution can be fielded in months, versus years. The program was designed to allow use of multiple unclassified commercial off the shelf (COTS) products instead of classified Type 1 Government accredited products to secure classified data within Government deployments.