FIPS 140-3
As cryptographic technology has advanced, the FIPS 140 standard has evolved and is now in its third edition, FIPS 140-3. All cryptographic module developers, cryptographic accelerator developers, and other regulated industries selling any hardware or software cryptographic module must support the algorithms on the FIPS 140-3 approved list. They must also comply with the relevant algorithm and cryptographic module requirements and have the actual operation of these algorithms validated by accredited laboratories. Because FIPS 140-3 sets high security standards, industries such as healthcare and finance are evaluating and adopting it to protect their sensitive data, covering both personal data protection and cryptographic security.
Why FIPS?
1. Customers demand that product designs comply with FIPS.
2. The product will be sold to government departments, healthcare, finance, and other industries.
3. The product aims to enter the federal government or markets in the United States or Canada.
4. Competitors have already achieved FIPS compliance.
The FIPS 140-3 validation program and its related requirements include the following:
The National Institute of Standards and Technology (NIST) of the United States has established a cryptographic algorithm validation program and a cryptographic module validation program as part of the FIPS 140 series of standards. These programs provide testing and validation schemes for cryptographic algorithms and cryptographic modules, respectively:
The four security levels of cryptographic modules (Security Level)
1. Level 1 (Low) is the minimum requirement, and Level 4 (High) is the most stringent.
2. Security requirements are cumulative, with higher levels encompassing all security requirements of lower levels.
3. 11 security areas
- Each security area is rated at a security level from Level 1 to Level 4.
- The lowest security level rating among these determines the overall level of the cryptographic module (Overall Level).