FIPS 140-3 is (Finally) Here

FIPS 140-3, titled Security Requirements for Cryptographic Modules, is the third update to the FIPS 140 benchmark established by NIST to specify the security requirements for cryptographic modules and a testing methodology for confirming conformance. Companies selling technology with encryption to the public sector often must obtain FIPS 140 certification that their cryptography has been tested and approved for government use. In addition, other security compliance frameworks, including Common Criteria, DoDIN APL, FedRAMP, StateRAMP, CMMC 2.0, CNSA 2.0 and the HIPAA security rule, have adopted FIPS 140 as the gold standard for cryptography.

NIST published FIPS 140-3 in 2019. For cryptography industry insiders, the FIPS 140-3 transition has generated waves of activity. But what about cryptography consumers? After five years, FIPS 140-3 certifications are finally becoming available from the Cryptographic Module Validation Program (CMVP) in sufficient quantities to impact public sector procurements. What does the availability of FIPS 140-3 mean for government agencies, their vendors, and integrators?

During this webinar, attendees learned:

• How FIPS 140-3 improves upon FIPS 140-2
• The timeline for the eventual retirement of all FIPS 140-2 certificates
• The challenges vendors and integrators face to achieve and maintain FIPS 140-3 active validation 
• Additional requirements NIST is adding to FIPS 140-3 including post-quantum cryptography (PQC) and entropy source validation (ESV)
• How SafeLogic’s FIPS Validation-as-a-Service expedites and maintains FIPS 140-3 validations over time