FIPS 140-3 Certification
In the era of digitalization, keeping information secure is a critical business requirement. A range of standards, regulations, and technology best practices exist to protect digital information.
As your partner for safety at work, DEKRA offers expert product-certification services for the FIPS 140-3 standard and ISO 19790 standard required for companies working with the United States federal government.
What is FIPS?
The Federal Information Processing Standards, also known as FIPS, are data security and computer system standards that govern the protection of data of the United States federal government.
FIPS was created, and is overseen, by the National Institute of Standards and Technology (NIST), part of the Department of Commerce. FIPS is not a single standard. Instead, it’s a collection of standards governing different facets of information security. Each standard is referred to by its publication number, such as 140.
Who needs FIPS certification?
Government agencies, contractors, partners, service providers, and those who plan to do business with the U.S. federal government are required to adhere to FIPS when collecting, storing, sharing, transferring, or disseminating sensitive data, such as personally identifiable information.
What is the difference between FIPS 140-2 and 140-3?
FIPS 140-3 is the current standard covering cryptography implemented in hardware, firmware, and software products, and it references the ISO 19790 security requirements standard and the ISO 24759 testing requirements standard. FIPS 140-3 supersedes the previous 140-2 standard and came into effect in 2019.
Contact us if you would like more information on transitioning from FIPS 140-2 to 140-3 or the status of FIPS 140-2 certified modules.
What is the validation process for FIPS certification?
Our FIPS 140-3 evaluation validates that the cryptographic model utilized within a system meets requirements of the United States federal government.
In order to become FIPS 140-3 certified, all components of a system (hardware, firmware, and software) must be tested and approved. The entire process takes six to nine months, on average. DEKRA certification laboratory members have more than 20 years of experience in evaluations with all types of cryptographic modules. During the validation process, our experts are your trusted partner helping you navigate the process, mitigate risk, and ensure a successful validation.