Corsec Security, Inc. - What is FIPS 140-3?

Home FIPS 140-2 Common Criteria PCI News & Events About Corsec Contact Us

What is FIPS 140-3?

FIPS 140-3 will be a newly revised version of the current Federal Information Processing Standards Publication 140-2: Security Requirements for Cryptographic Modules. The standard provides a set of cryptographic module requirements that must be satisfied by a product before being considered for government acquisition.

On December 11, 2009, NIST released the second public draft of the proposed revision of FIPS 140-2. The Revised Draft was developed using the comments received on the first public draft, which was posted for public review and comment on July 13, 2007, and the FIPS 140-3 Software Security Workshop held on March 18, 2008 (to view the Federal Register Notice about released of revised Draft FIPS 140-3). While the 2007 Draft proposed 5 levels of security, the Revised Draft FIPS 140-3 reverts to 4 levels of security as currently specified in FIPS 140-2. In contrast to the 2007 Draft, the Revised Draft also reintroduces the notion of firmware cryptographic module and defines the security requirements for it, limits the overall security level for software cryptographic modules to Security Level 2, and removes the formal model requirement at Security Level 4. Differences with the current FIPS 140-2 standard include limiting the overall security level for software cryptographic modules to Security Level 2, requirements for mitigation of non-invasive attacks at higher security levels, elimination of the requirement for formal modeling at Security Level 4, modified conditions for pre-operational/power-on self-tests, and strengthened integrity testing.

All comments to the Revised Draft FIPS 140-3 must be received on or before March 11, 2010. Please use this template. Written comments may be sent to: Chief, Computer Security Division, Information Technology Laboratory, Attention: Dr. Michaela Iorga, 100 Bureau Drive, Mail Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930. Electronic comments may also be sent to: This e-mail address is being protected from spam bots, you need JavaScript enabled to view it , with "Comments on the Revised Draft FIPS 140-3" in the subject line.

Next >

FIPS 140-2 Resources

- FIPS 140-2 FAQ

- FIPS 140-3 FAQ

- Federal Directives

- CMVP, NIST, and FIPS Links

- FIPS 140-2 Acronyms

- Workshops

- FIPS 140-2 Complete Validation Solution

ARMY APL frustrating your sales team?

Corsec can help navigate you to success.

Contact us today!

Maximize Validation ROI

FIPS 140-2 & Common Criteria Webinar

Need to learn more about FIPS 140-2 and Common Criteria government security validations?

Get all of your questions answered by experts in the industry.