FIPS 140-2

Last updated January 11, 2024

The Federal Information Processing Standard Publication 140-2, (FIPS PUB 140-2),^[1]^[2] is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001, and was last updated December 3, 2002.

Its successor, FIPS 140-3, was approved on March 22, 2019, and became effective on September 22, 2019.^[3] FIPS 140-3 testing began on September 22, 2020, and the first FIPS 140-3 validation certificates were issued in December 2022.^[4] FIPS 140-2 testing was still available until September 21, 2021 (later changed for applications already in progress to April 1, 2022^[5]), creating an overlapping transition period of more than one year. FIPS 140-2 test reports that remain in the CMVP queue will still be granted validations after that date, but all FIPS 140-2 validations will be moved to the Historical List on September 21, 2026 regardless of their actual final validation date.^[6]

Purpose

The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptography modules that include both hardware and software components. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module. The standard provides four increasing qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.^[7]

Federal agencies and departments can validate that the module in use is covered by an existing FIPS 140-1 or FIPS 140-2 certificate that specifies the exact module name, hardware, software, firmware, and/or applet version numbers. The cryptographic modules are produced by the private sector or open source communities for use by the U.S. government and other regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and disseminate sensitive but unclassified (SBU) information. A commercial cryptographic module is also commonly referred to as a hardware security module (HSM).

Security levels

FIPS 140-2 defines four levels of security, simply named "Level 1" to "Level 4". It does not specify in detail what level of security is required by any particular application.

Level 1

Security Level 1 provides the lowest level of security. Basic security requirements are specified for a cryptographic module (e.g., at least one Approved algorithm or Approved security function shall be used). No specific physical security mechanisms are required in a Security Level 1 cryptographic module beyond the basic requirement for production-grade components. An example of a Security Level 1 cryptographic module is a personal computer (PC) encryption board.

Level 2

Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.

Level 3

In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module. The physical security mechanisms may include the use of strong enclosures and tamper-detection/response circuitry that zeroes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.

Level 4

Security Level 4 provides the highest level of security. At this security level, the physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access. Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate deletion of all plaintext CSPs.

Security Level 4 cryptographic modules are useful for operation in physically unprotected environments. Security Level 4 also protects a cryptographic module against a security compromise due to environmental conditions or fluctuations outside of the module's normal operating ranges for voltage and temperature. Intentional excursions beyond the normal operating ranges may be used by an attacker to thwart a cryptographic module's defenses. A cryptographic module is required to either include special environmental protection features designed to detect fluctuations and delete CSPs, or to undergo rigorous environmental failure testing to provide a reasonable assurance that the module will not be affected by fluctuations outside of the normal operating range in a manner that can compromise the security of the module.

Operating platform

For Levels 2 and higher, the operating platform upon which the validation is applicable is also listed. Vendors do not always maintain their baseline validations.

Cryptographic Module Validation Program

FIPS 140-2 establishes the Cryptographic Module Validation Program (CMVP) as a joint effort by the NIST and the Communications Security Establishment (CSE) for the Government of Canada

Security programs overseen by NIST and CSE focus on working with government and industry to establish more secure systems and networks by developing, managing and promoting security assessment tools, techniques, services, and supporting programs for testing, evaluation and validation; and addresses such areas as: development and maintenance of security metrics, security evaluation criteria and evaluation methodologies, tests and test methods; security-specific criteria for laboratory accreditation; guidance on the use of evaluated and tested products; research to address assurance methods and system-wide security and assessment methodologies; security protocol validation activities; and appropriate coordination with assessment-related activities of voluntary industry standards bodies and other assessment regimes.

FIPS 140-2 testing in this program

The FIPS 140-2 standard is an information technology security approval program for cryptographic modules produced by private sector vendors who seek to have their products certified for use in government departments and regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and disseminate sensitive but unclassified (SBU) information.

Tamper evident FIPS 140-2 security labels are utilized to deter and detect tampering of modules.

Laboratories doing the testing

All of the tests under the CMVP are handled by third-party laboratories that are accredited as Cryptographic Module Testing laboratories^[8] by the National Voluntary Laboratory Accreditation Program (NVLAP).^[9] Vendors interested in validation testing may select any of the twenty-one accredited labs.

NVLAP accredited Cryptographic Modules Testing laboratories perform validation testing of cryptographic modules.^[10]^[11] Cryptographic modules are tested against requirements found in FIPS PUB 140–2, Security Requirements for Cryptographic Modules. Security requirements cover 11 areas related to the design and implementation of a cryptographic module. Within most areas, a cryptographic module receives a security level rating (1–4, from lowest to highest), depending on what requirements are met. For other areas that do not provide for different levels of security, a cryptographic module receives a rating that reflects fulfillment of all of the requirements for that area.

Validation

An overall rating is issued for the cryptographic module, which indicates:

the minimum of the independent ratings received in the areas with levels, and
the fulfillment of all the requirements in the other areas.

On a vendor's validation certificate, individual ratings are listed, as well as the overall rating.

NIST maintains validation lists^[12] for all of its cryptographic standards testing programs (past and present). All of these lists are updated as new modules/implementations receive validation certificates from NIST and CSE. Items on the FIPS 140-1 and FIPS 140-2 validation list reference validated algorithm implementations that appear on the algorithm validation lists.

Compliance

In addition to using a valid cryptographic module, encryption solutions are required to use cipher suites with approved algorithms or security functions established by the FIPS 140-2 Annex A to be considered FIPS 140-2 compliant.

Annexes

FIPS PUB 140-2 Annexes:

Annex A: Approved Security Functions (Draft October 12, 2021)
Annex B: Approved Protection Profiles (Draft June 10, 2019)
Annex C: Approved Random Number Generators (Draft October 12, 2021)
Annex D: Approved Key Establishment Techniques (Draft October 12, 2021)

Reception

Steven Marquess has posted a criticism that FIPS 140-2 validation can lead to incentives to keep vulnerabilities and other defects hidden. CMVP can decertify software in which vulnerabilities are found, but it can take a year to re-certify software if defects are found, so companies can be left without a certified product to ship. As an example, Steven Marquess mentions a vulnerability that was found, publicised, and fixed in the FIPS-certified open-source derivative of OpenSSL, with the publication meaning that the OpenSSL derivative was decertified. This decertification hurt companies relying on the OpenSSL-derivative's FIPS certification. By contrast, companies that had renamed and certified a copy of the open-source OpenSSL derivative were not decertified, even though they were basically identical, and did not fix the vulnerability. Steven Marquess therefore argues that the FIPS process inadvertently encourages hiding software's origins, to de-associate it from defects since found in the original, while potentially leaving the certified copy vulnerable.^[13]

In recent years, CMVP has taken steps to avoid the situation described by Marquess, moving validations to the Historical List based on the algorithms and functions contained in the module, rather than based on the provenance.^[14]

Related Research Articles

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification. It is currently in version 3.1 revision 5.

OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

<span class="mw-page-title-main">Cryptographic Module Validation Program</span> Joint American-Canadian security accreditation program for cryptographic modules

The Cryptographic Module Validation Program (CMVP) is a joint American and Canadian security accreditation program for cryptographic modules. The program is available to any vendors who seek to have their products certified for use by the U.S. Government and regulated industries that collect, store, transfer, share and disseminate "sensitive, but not classified" information. All of the tests under the CMVP are handled by third-party laboratories that are accredited as Cryptographic Module Testing Laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP). Product certifications under the CMVP are performed in accordance with the requirements of FIPS 140-2 and FIPS 140-3.

The Secure Hash Algorithms are a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS), including:

The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptographic modules.

SHA-2 is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher.

A hardware security module (HSM) is a physical computing device that safeguards and manages secrets, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips.

Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. NSS releases prior to version 3.14 are tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License. Since release 3.14, NSS releases are licensed under GPL-compatible Mozilla Public License 2.0.

A cryptographic module is a component of a computer system that implements cryptographic algorithms in a secure way, typically with some element of tamper resistance.

The Common Criteria model provides for the separation of the roles of evaluator and certifier. Product certificates are awarded by national schemes on the basis of evaluations carried by independent testing laboratories.

Cryptographic Module Testing Laboratory (CMTL) is an information technology (IT) computer security testing laboratory that is accredited to conduct cryptographic module evaluations for conformance to the FIPS 140-2 U.S. Government standard.

The IBM 4764 Cryptographic Coprocessor is a secure cryptoprocessor that performs cryptographic operations used by application programs and by communications such as SSL private key transactions associated with SSL digital certificates.

The Federal Information Processing Standard Publication 140-3 is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on March 22, 2019 and it supersedes FIPS 140-2.

Crypto++ is a free and open-source C++ class library of cryptographic algorithms and schemes written by Wei Dai. Crypto++ has been widely used in academia, student projects, open-source, and non-commercial projects, as well as businesses. Released in 1995, the library fully supports 32-bit and 64-bit architectures for many major operating systems and platforms, including Android, Apple, BSD, Cygwin, IBM AIX, Linux, MinGW, Solaris, Windows, Windows Phone and Windows RT. The project also supports compilation using C++03, C++11, C++14, and C++17 runtime libraries; and a variety of compilers and IDEs, including Borland Turbo C++, Borland C++ Builder, Clang, CodeWarrior Pro, GCC, Intel C++ Compiler (ICC), Microsoft Visual C/C++, and Sun Studio.

Homeland Open Security Technology (HOST) is a five-year, $10 million program by the Department of Homeland Security's Science and Technology Directorate to promote the creation and use of open security and open-source software in the United States government and military, especially in areas pertaining to computer security.

The tables below compare cryptography libraries that deal with cryptography algorithms and have API function calls to each of the supported features.

The IBM 4767 PCIe Cryptographic Coprocessor is a hardware security module (HSM) that includes a secure cryptoprocessor implemented on a high-security, tamper resistant, programmable PCIe board. Specialized cryptographic electronics, microprocessor, memory, and random number generator housed within a tamper-responding environment provide a highly secure subsystem in which data processing and cryptography can be performed. Sensitive key material is never exposed outside the physical secure boundary in a clear format.

The IBM 4768 PCIe Cryptographic Coprocessor is a hardware security module (HSM) that includes a secure cryptoprocessor implemented on a high security, tamper resistant, programmable PCIe board. Specialized cryptographic electronics, microprocessor, memory, and random number generator housed within a tamper-responding environment provide a highly secure subsystem in which data processing and cryptography can be performed. Sensitive key material is never exposed outside the physical secure boundary in a clear format.

ISO/IEC 19790 is an ISO/IEC standard for security requirements for cryptographic modules. It addresses a wide range of issues regarding their implementation, including specifications, interface definitions, authentication, operational and physical security, configuration management, testing, and life-cycle management. The first version of ISO/IEC 19790 was derived from the U.S. government computer security standard FIPS 140-2, Security Requirements for Cryptographic Modules.

References

↑ "FIPS PUB 140-2: Security Requirements for Cryptographic Modules". NIST. July 26, 2007. Archived from the original on August 25, 2007. Retrieved May 18, 2013.
↑ "Federal Information Processing Standards (FIPS) Publications: FIPS 140--2, Security Requirements for Cryptographic Modules". NIST. May 2001. Retrieved May 18, 2013.
↑ "Announcing Approval and Issuance of FIPS 140-3, Security Requirements for Cryptographic Modules". www.nist.gov. National Institute of Standards and Technology. May 1, 2019. Retrieved May 29, 2019.
↑ "Cryptographic Module Validation Program". www.nist.gov.
↑ "FIPS 140-3 Transition Effort". www.nist.gov. National Institute of Standards and Technology. June 2, 2021. Retrieved August 18, 2021.
↑ "FIPS 140-3 Transition Effort". www.nist.gov. National Institute of Standards and Technology. September 21, 2020. Retrieved October 19, 2020.
↑ "SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES" (PDF). National Institute of Standards and Technology. May 25, 2001. Retrieved January 9, 2014.
↑ "Testing Laboratories". NIST. April 1, 2013. Retrieved May 18, 2013.
↑ "National Voluntary Laboratory Accreditation Program". NIST. Retrieved November 23, 2018.
↑ "Cryptographic Module Validation Program (CMVP)". www.nist.gov. Retrieved August 4, 2015.
↑ "NVLAP Cryptographic and Security Testing LAP". www.nist.gov. Retrieved August 4, 2015.
↑ "Module Validation Lists". NIST. May 13, 2013. Retrieved May 18, 2013.
↑ Steven Marquess. "Secure or Compliant, Pick One". Archived from the original on December 27, 2013.
↑ CMVP. "Implementation Guidance Announcements".

External links

"FIPS PUB 140-2" (PDF). NIST. December 3, 2002. Retrieved March 31, 2017.
"FIPS PUB 140-2 - Effective 15-Nov-2001". NIST. May 1, 2013. Retrieved May 18, 2013.
"FIPS Validation". Mozilla. November 16, 2011. Retrieved May 18, 2013.
"OpenSSL and FIPS 140-2". OpenSSL. February 21, 2013. Retrieved May 18, 2013.
"OpenFIPS Project". axiomasec.com. Retrieved May 18, 2013.
"General Flow FIPS 140-2 Validation Testing". jtsec. November 16, 2011. Retrieved March 24, 2018.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "FIPS PUB 140-2: Security Requirements for Cryptographic Modules". NIST. July 26, 2007. Archived from the original on August 25, 2007. Retrieved May 18, 2013.

[2] "Federal Information Processing Standards (FIPS) Publications: FIPS 140--2, Security Requirements for Cryptographic Modules". NIST. May 2001. Retrieved May 18, 2013.

[3] "Announcing Approval and Issuance of FIPS 140-3, Security Requirements for Cryptographic Modules". www.nist.gov. National Institute of Standards and Technology. May 1, 2019. Retrieved May 29, 2019.

[4] "Cryptographic Module Validation Program". www.nist.gov.

[5] "FIPS 140-3 Transition Effort". www.nist.gov. National Institute of Standards and Technology. June 2, 2021. Retrieved August 18, 2021.

[6] "FIPS 140-3 Transition Effort". www.nist.gov. National Institute of Standards and Technology. September 21, 2020. Retrieved October 19, 2020.

[7] "SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES" (PDF). National Institute of Standards and Technology. May 25, 2001. Retrieved January 9, 2014.

[8] "Testing Laboratories". NIST. April 1, 2013. Retrieved May 18, 2013.

[9] "National Voluntary Laboratory Accreditation Program". NIST. Retrieved November 23, 2018.

[10] "Cryptographic Module Validation Program (CMVP)". www.nist.gov. Retrieved August 4, 2015.

[11] "NVLAP Cryptographic and Security Testing LAP". www.nist.gov. Retrieved August 4, 2015.

[12] "Module Validation Lists". NIST. May 13, 2013. Retrieved May 18, 2013.

[13] Steven Marquess. "Secure or Compliant, Pick One". Archived from the original on December 27, 2013.

[14] CMVP. "Implementation Guidance Announcements".

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]