What is FIPS 140-2?
FIPS 140-2 was developed by the National Institute of Standards and Technology (NIST) in order to establish security requirements for cryptographic modules to be used for processing sensitive material. Vendor devices are certified by NIST authorized testing labs, which verify that each approved device meets specific security requirements. This certification is recognized by all government agencies seeking to procure equipment containing validated cryptographic modules.
The Federal Information Processing Standard (FIPS) was established by the National Institute of Standards and Technology (NIST). In particular, FIPS 140-2 is the current version of “Security Requirements for Cryptographic Modules” and is the foundation for the Cryptographic Module Validation Program (CMVP), a joint effort by the NIST and the Communications Security Establishment (CSE) for the Canadian government. Cryptographic modules are produced by the private sector or open source communities for use by the U.S. government and other regulated industries (such as financial institutions and health-care organizations) that collect, store, transfer, share and disseminate “sensitive, but un-classified (SBU)” information. Cryptographic modules can be submitted to the CVMP for accreditation. A full list of accredited modules is maintained by NIST – View Accredited Modules.
