FIPS 140-2 News and Releases - Corsec Posts

OPSWAT Completes FIPS 140-3 Validation

Jake Nelson — Wed, 08 Apr 2026 17:34:22 +0000

Corsec would like to congratulate our partner, OPSWAT, Inc., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their OPSWAT Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, OPSWAT partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5225. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

About OPSWAT and their Cryptographic Module

OPSWAT protects critical infrastructure. Their goal is to eliminate malware and zero-day attacks. They believe that every file and every device pose a threat. Threats must be addressed at all locations at all times—at entry, at exit, and at rest. Their products focus on threat prevention and process creation for secure data transfer and safe device access. The result is productive systems that minimize risk of compromise.

The OPSWAT Cryptographic Module is a cryptographic software library, intended for use by U.S. and Canadian Federal agencies and other markets that require FIPS 140-3 validated cryptographic functionality.

About Corsec Security, Inc.

For over 28 years, Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and DoD STIG / DoDIN APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post OPSWAT Completes FIPS 140-3 Validation appeared first on Corsec Security, Inc.®.

Enabling Federal Sales: Winning Security Strategies

Jake Nelson — Tue, 13 Jan 2026 20:16:32 +0000

In today’s federal procurement environment, cybersecurity requirements are no longer aspirational—they are mandatory gatekeepers. As federal agencies modernize their infrastructure, adopt zero-trust architectures, and migrate mission systems to the cloud, the security expectations placed on technology vendors continue to rise.

While individual departments and agencies retain authority to define procurement-specific security requirements, several standards have become federally mandated. Among them, FIPS 140-3 stands out as one of the most critical—and misunderstood—requirements in federal technology sales.

For federal sales teams, FIPS 140-3 is not simply a technical checkbox. It is often the difference between being eligible to compete and being disqualified before discussions even begin. Products that lack a credible FIPS validation path routinely stall in procurement, trigger ATO delays, or are excluded entirely from RFPs. In contrast, vendors that proactively align with FIPS 140-3 position themselves as lower-risk, procurement-ready partners.

Understanding how FIPS 140-3 works, why agencies mandate it, and what it takes to achieve validation is now a core competency for both federal sales professionals and the engineering leaders who support them.

Understanding FIPS 140-3

The Federal Information Processing Standard (FIPS) 140-3 defines the security requirements for cryptographic modules used to protect sensitive but unclassified information within federal systems. Issued by the National Institute of Standards and Technology (NIST), FIPS 140-3 replaces the long-standing FIPS 140-2 standard and aligns U.S. government cryptographic requirements with modern international standards. At a practical level, FIPS 140-3 governs how encryption, key management, authentication, and cryptographic functions are designed, implemented, tested, and operated.

It is critical to distinguish between:

Federal agencies—and their Authorizing Officials—almost always require validated cryptographic modules, not aspirational compliance statements.

The Significance for Federal Agencies:

FIPS 140-3 has become more than a legacy federal requirement carried forward—it is now a defining control point in modern federal procurement. Several converging forces have elevated its importance:

1. The Sunsetting of FIPS 140-2 Is Forcing Action
FIPS 140-2 is officially sunsetting, with CMVP transitioning fully to FIPS 140-3 validations. Agencies are increasingly unwilling to approve new systems that rely on FIPS 140-2-only modules, especially for long-lived deployments. For sales teams, this means:

Legacy validations are losing procurement value
“We’ll address it later” is no longer acceptable to buyers
Products without a FIPS 140-3 roadmap are seen as short-term or high-risk investments

Vendors that delay transition often find themselves locked out of future RFPs or facing costly re-engineering under procurement pressure.

2. Zero Trust and Cloud Mandates Depend on Strong Cryptography
Federal zero-trust initiatives, cloud-first policies, and identity-centric architectures all rely on provable cryptographic trust. Without validated cryptographic modules, these architectures fail to meet baseline federal security expectations. As a result, FIPS 140-3 validation is increasingly treated as foundational infrastructure, not an optional enhancement.

Sales teams that can articulate how their product’s cryptography aligns with FIPS 140-3—and how it supports zero-trust objectives—gain immediate credibility with federal buyers.

3. FIPS 140-3 Is Directly Tied to ATO Outcomes
One of the most common—and costly—procurement blockers in federal sales is Authority to Operate (ATO) friction. Systems that lack validated cryptography frequently encounter:

Extended POA&Ms
Conditional authorizations
Delayed deployments
Additional agency scrutiny

From an Authorizing Official’s perspective, unvalidated cryptography introduces unnecessary risk. FIPS 140-3 validation simplifies security assessments, reduces ambiguity, and shortens approval timelines.

For sales teams, this translates into: 1.) Faster time-to-value for customers, 2.) Fewer late-stage deal delays, and 3.) Reduced risk of post-award surprises

4. Procurement Language Is Becoming Explicit
Federal acquisition language increasingly mandates FIPS 140-3 explicitly, referencing: NIST standards, OMB directives, Agency-specific cybersecurity policies, and FAR and DFARS clauses.

Vendors that cannot clearly demonstrate FIPS alignment risk:

Failing compliance checks during proposal evaluation
Being deemed “technically unacceptable”
Losing deals before pricing or differentiation is even considered

In competitive procurements, FIPS 140-3 readiness is often assumed—not rewarded. Its absence, however, is penalized immediately.

The Impact on Federal Sales Teams:

For federal sales professionals and their engineering counterparts, FIPS 140-3 has direct, measurable impact on revenue outcomes, specifically when looking at competitive eligibility.

Without a FIPS 140-3 validation, many opportunities are simply un-winnable. With it, teams gain access to a broader set of procurements and avoid early disqualification.

Trust and Credibility: Validated cryptography signals maturity, seriousness, and commitment to federal security standards. It reassures buyers that the vendor understands federal risk tolerance and compliance expectations.
Sales-Cycle Acceleration: Products aligned with FIPS 140-3 encounter fewer objections during security reviews, enabling smoother evaluations and faster procurement decisions.
Risk Reduction: Understanding validation scope, timelines, and dependencies helps sales teams avoid overpromising and protects engineering teams from last-minute compliance fire drills.

Achieving FIPS 140-3 is not a single engineering task—it is a cross-functional initiative that touches product architecture, release planning, sales strategy, and customer engagement.

How Corsec Supports Federal Sales Success

Corsec specializes in guiding technology companies through the complexity of FIPS 140-3 validation with a focus on business outcomes, not just technical compliance.

We work with product, engineering, and federal sales teams to:

Map cryptographic components to real procurement requirements
Define validation scope aligned to target agencies and use cases
Forecast realistic timelines that support sales planning
Reduce risk through proven certification strategies
Strengthen competitive positioning with clear, defensible compliance narratives

By engaging early, teams avoid stalled deals, missed RFPs, and reactive compliance efforts that erode margins and credibility.

Conclusion: FIPS 140-3 Is a Sales Enabler, Not a Checkbox

In the modern federal market, FIPS 140-3 compliance is no longer optional—and it is no longer just a security concern. It is a sales-enablement requirement, a procurement accelerator, and a trust signal that directly influences buying decisions.

Federal sales teams that understand FIPS 140-3—and partner with experts to execute it effectively—position themselves for smoother procurement cycles, stronger customer relationships, and sustained growth in the federal marketplace.

Whether you’re early in product development or facing active federal procurements, Corsec can help you align certification strategy with sales success.

Talk to Corsec today to start your FIPS 140-3 roadmap and unlock more federal opportunities.

FIPS Assessment

FIPS Design & Testing

FIPS Validation

About Corsec Security, Inc.

For 27+ years Corsec has guided companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD (STIGs, DoDIN APL, UC APL). We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

For more information on engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post Enabling Federal Sales: Winning Security Strategies appeared first on Corsec Security, Inc.®.

Ideem Completes FIPS 140-3 Validation

Jake Nelson — Mon, 10 Mar 2025 15:00:33 +0000

Corsec would like to congratulate Ideem, Inc., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their Ideem ZSM Cryptographic Module.

Ideem completed the validation at a Level 1 as seen in certificate #4982. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

About Ideem & Their Cryptographic Module

Ideem revolutionizes identity and authentication with its Universal Two Factor Authentication (2FA) solution, addressing the challenges of traditional One Time Passcodes (OTPs) which are plagued by friction, fraud, and high costs.

The Ideem ZSM Cryptographic Module randomly splits keys across servers and mobile devices so that they are never in any single place to be stolen. The advanced protocols used in Ideem Cryptographic Module ensure that even if servers or devices are breached and completely controlled by an attacker, the secrets and credentials cannot be stolen. The result is that digital assets remain safe, even if all else fails and attackers get inside the network.

About Corsec Security, Inc.

For over 27 years Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post Ideem Completes FIPS 140-3 Validation appeared first on Corsec Security, Inc.®.

Byos Validates Library under FIPS 140-2

Jake Nelson — Sat, 15 Feb 2025 21:08:29 +0000

Corsec would like to congratulate our partner, Byos Inc., on completing the Federal Information Processing Standard Publication 140-2 (FIPS 140-2) validation process on their OpenSSL FIPS Provider.

To achieve this milestone, Byos partnered with Corsec, completing the validation at a Level 1 as seen in certificate #4964. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

About Byos’ OpenSSL FIPS Provider Module

The Module is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality. The Module is classified under FIPS 140-2 as a software module, with a multi-chip standalone module embodiment. The physical cryptographic boundary is the general-purpose computer on which the module is installed. The logical cryptographic boundary of the Module is the FIPS Provider, a dynamically loadable library.

About Corsec Security, Inc.

For over 26 years Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post Byos Validates Library under FIPS 140-2 appeared first on Corsec Security, Inc.®.

Fed Roundup: November 2024

Jake Nelson — Tue, 03 Dec 2024 19:27:31 +0000

DISA News

Announcements:

DISA Looks to Build New Cloud and Edge Capabilities

Security Technical Implementation Guide Updates:

NIST News

Updates & Announcements:

None

Special Publications & Interagency Reports:

NIAP News

Updates & Announcements:

None

Protection Profile Announcements:

PP-Module for Web Browsers v1.0 sent for comments

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: November 2024 appeared first on Corsec Security, Inc.®.

AudioCodes Completes Two FIPS 140-3 Validations

Jake Nelson — Tue, 03 Dec 2024 18:45:31 +0000

Corsec would like to congratulate our partner, AudiCodes Ltd., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on the following two modules:

To achieve this milestone, AudioCodes partnered with Corsec, completing both validations at a Level 1 as seen in their certificates above. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

About AudioCodes Ltd.

AudioCodes is a leading vendor of advanced networking and media processing solutions for the digital workplace.

The AudioCodes Mediant family of Session Border Controllers (SBCs) and Media Gateways (GWs) offer a line of versatile IP communications platforms that connect VoIP and TDM networks, built on years of carrier-grade VoIP deployments and expertise. AudioCodes’s SBCs and Media Gateway provide the interoperability, security and quality assurance that service providers need to connect their enterprise and residential customers reliably and securely to SIP trunk and hosted telephony services.

Learn more about AudioCodes here.

About Corsec Security, Inc.

For two decades Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post AudioCodes Completes Two FIPS 140-3 Validations appeared first on Corsec Security, Inc.®.

Tanium Secures Products with Recent FIPS 140 Validation

Jake Nelson — Wed, 13 Nov 2024 18:30:54 +0000

Corsec would like to congratulate our partner, Tanium, Inc., on completing the Federal Information Processing Standard Publication 140-2 (FIPS 140-2) validation process on their Tanium OpenSSL 3 FIPS Module.

To achieve this milestone, Tanium partnered with Corsec, completing the validation at a Level 1 as seen in certificate #4868. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

About Tanium, Inc.

Tanium gives the world’s largest enterprises and government organizations the unique power to secure, control, and manage millions of endpoints across the enterprise within seconds. Serving as the “central nervous system” for enterprises, Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, retrieve data on their current and historical state, and execute change as necessary, all within seconds. For more, visit the Tanium website.

About Corsec Security, Inc.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post Tanium Secures Products with Recent FIPS 140 Validation appeared first on Corsec Security, Inc.®.

Cradlepoint Kernel FIPS 140-3 Validated

Jake Nelson — Tue, 05 Nov 2024 16:32:41 +0000

Corsec would like to congratulate our partner, Cradlepoint, Inc., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their Kernel Cryptographic Module.

To achieve this milestone, Cradlepoint partnered with Corsec, completing the validation at a Level 1 as seen in certificate #4863. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

About Cradlepoint’s Kernel Cryptographic Module

The Cradlepoint Kernel Cryptographic Module (versions 1.0 and 2.0) is a software module with a multi-chip standalone embodiment. The module is designed to operate within a modifiable operational environment. The module comprises kernel loadable components, a static kernel binary, an integrity test utility, and digest files for testing integrity.

The cryptographic module maintains validation compliance when operating on any general-purpose computer (GPC) provided that the GPC uses any single-user operating system/mode specified on the validation certificate, or another compatible single-user operating system.