FIPS 140-2 and FIPS 140-3 Testing and Consulting

What atsec offers
FIPS 140-2 and FIPS 140-3, short for the U.S. Federal Information Processing Standard 140-2/3, Security Requirements for Cryptographic Modules, specifies requirements related to the secure design and implementation of cryptographic modules that provide protection for sensitive or valuable data. atsec offers these cryptographic module testing services:

  • Consultation on FIPS 140-2 and FIPS 140-3 requirements
  • Assessment of your cryptographic module test readiness
  • Support for the production of the Security Policy, Finite State Model, and user documentation
  • Conformance testing of cryptographic modules, resulting in a certificate issued by the National Institute of Standards and Technology (NIST) and Canadian Center of Cyber Security (CCCS) Cryptographic Module Validation Program (CMVP)

Please take a look at our list of FIPS 140-2 and FIPS 140-3 certificates.

Why our services are important to you
If you plan to sell a product that includes a cryptographic module to a U.S. Federal Government agency that uses cryptographic-based security systems to protect sensitive data in computer or telecommunication systems, FIPS 140-2/FIPS 140-3 certification of that product is mandatory. In addition, FIPS 140-2/FIPS 140-3 certification of cryptographic modules is increasingly valued in other industry sectors (for example, banking) in which the protection of sensitive data by cryptographic-based solutions is critical. atsec is ready to partner with you to help you understand the requirements of the standard, assess your product’s readiness for FIPS 140-2/FIPS 140-3 validation, and perform the conformance testing that will earn certification of your cryptographic product.