FIPS 140-3 Archives - Corsec Security, Inc.®

HP Inc Completes FIPS 140-3 Validation of HP Poly Crypto Module

Jake Nelson — Fri, 15 May 2026 18:30:19 +0000

Corsec would like to congratulate our partner, Hewlett Packard, Inc., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their HP Poly Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, HP partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5011. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

About the HP Poly Cryptographic Module

The HP Poly Cryptographic Module is an open-source, general-purpose cryptographic library which provides approved cryptographic algorithms to serve BoringSSL and other user-space applications. The module is intended for use in a variety of environments and any general-purpose environment that requires cryptographic primitives.

About Corsec Security, Inc.

For over 28 years, Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and DoD STIG / DoDIN APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post HP Inc Completes FIPS 140-3 Validation of HP Poly Crypto Module appeared first on Corsec Security, Inc.®.

FIPS 140-3 Validation Complete for Infinidat on Cryptographic Module

Jake Nelson — Wed, 22 Apr 2026 18:47:16 +0000

Corsec would like to congratulate our partner, Infinidat, Ltd., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their Infinidat Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, Infinidat partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5245. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

About the Infinidat Cryptographic Module

The Infinidat Cryptographic Module is a set of cryptographic libraries that implement TLS, symmetric key generation and encryption/decryption, and SED authentication key derivation for the InfuzeOS™, which is the core component of the InfiniBox and InfiniBox SSA appliances.

The Infinidat Cryptographic Module comes preinstalled on each InfiniBox node.

About Corsec Security, Inc.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post FIPS 140-3 Validation Complete for Infinidat on Cryptographic Module appeared first on Corsec Security, Inc.®.

Ericsson Enterprise Wireless Validates Cryptographic Module under FIPS 140-3

Jake Nelson — Wed, 08 Apr 2026 18:42:34 +0000

Corsec would like to congratulate our partner, Ericsson Enterprise Wireless, on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their Ericsson Cryptographic Module v3. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, Ericsson Enterprise Wireless partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5228. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

About Ericsson Enterprise Wireless and their Cryptographic Module

Cradlepoint is now the Enterprise Wireless Solutions division of Ericsson. Their solutions enable organizations to innovate, operate, and grow anywhere — without constraints.

The Ericsson Cryptographic Module v3 is a cryptographic software library, intended for use by U.S. and Canadian Federal agencies and other markets that require FIPS 140-3 validated cryptographic functionality.

About Corsec Security, Inc.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post Ericsson Enterprise Wireless Validates Cryptographic Module under FIPS 140-3 appeared first on Corsec Security, Inc.®.

OPSWAT Completes FIPS 140-3 Validation

Jake Nelson — Wed, 08 Apr 2026 17:34:22 +0000

Corsec would like to congratulate our partner, OPSWAT, Inc., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their OPSWAT Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, OPSWAT partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5225. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

About OPSWAT and their Cryptographic Module

OPSWAT protects critical infrastructure. Their goal is to eliminate malware and zero-day attacks. They believe that every file and every device pose a threat. Threats must be addressed at all locations at all times—at entry, at exit, and at rest. Their products focus on threat prevention and process creation for secure data transfer and safe device access. The result is productive systems that minimize risk of compromise.

The OPSWAT Cryptographic Module is a cryptographic software library, intended for use by U.S. and Canadian Federal agencies and other markets that require FIPS 140-3 validated cryptographic functionality.

About Corsec Security, Inc.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post OPSWAT Completes FIPS 140-3 Validation appeared first on Corsec Security, Inc.®.

Fed Roundup: February 2026

Jake Nelson — Tue, 03 Mar 2026 19:45:37 +0000

DISA News

Announcements:

Security Technical Implementation Guide Updates:

Adobe Acrobat Professional DC Continuous Track Draft STIG Benchmark – Ver 1, Rel 0.1
Adobe Acrobat Professional DC Continuous Track Draft STIG Benchmark Comment Matrix
Oracle Linux 9 STIG for Ansible – Ver 1, Rel 4
Oracle Linux 9 STIG for Chef – Ver 1, Rel 4
Nutanix Acropolis STIG
MongoDB Enterprise Advanced 8.x STIG – Ver 1, Rel 1
Microsoft Windows Server 2025 STIG – Ver 1, Rel 1
Zebra Android 14 STIG

NIST News

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

- IPD SP 1800-39: Data Classification Practices

NIAP News

Updates & Announcements:

None

Protection Profile Announcements:

PP-Module for LiFi Access System Version 1.0

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: February 2026 appeared first on Corsec Security, Inc.®.

Fidelity Completes FIPS 140-3 Validation with Corsec

Jake Nelson — Tue, 17 Feb 2026 16:15:27 +0000

Corsec would like to congratulate our partner, Fidelity Center for Applied Technology, LLC, on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their FCAT Wallet Vault Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, Fidelity partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5153. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

About Fidelity Center for Applied Technology and their FCAT Wallet Vault

Fidelity Center for Applied Technology LLC is a catalyst for breakthrough achievements in research and tech. They assess, test and scale concepts and ideas that advance Fidelity’s markets leadership and enhance every customer’s experience.

FCAT Wallet Vault Cryptographic Module version 1.0 is a software library providing a C language API for use by other applications requiring cryptographic functionality. FCAT Wallet Vault Cryptographic Module 1.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support industry-standard secure communications protocols (including TLS 1.2/1.3).

About Corsec Security, Inc.

For two decades Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and DoD STIG / DoDIN APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post Fidelity Completes FIPS 140-3 Validation with Corsec appeared first on Corsec Security, Inc.®.

Designing for FIPS 140-3: A Practical Guide for Engineering

Mary Broerman — Wed, 28 Jan 2026 20:34:57 +0000

Security & Design Engineering

The Federal Information Processing Standard 140‑3 (FIPS 140-3) is a government-mandated framework for products sold into U.S. federal agencies. FIPS 140-3 defines how cryptographic modules must be designed, engineered, tested, and validated for use across U.S. federal agencies and regulated industries. Whether you’re an engineer new to FIPS, a seasoned security architect, or a product manager navigating compliance constraints, understanding the engineering implications is essential.

Beyond security, adherence to FIPS 140-3 can support interoperability, repeatable deployments, and predictable audit outcomes across complex systems.

Why FIPS 140‑3 Matters for Engineers and Product Teams

Engineering teams are responsible for translating FIPS 140-3 requirements into practical design, implementation, and configuration decisions that support federal contracts, regulated industries such as critical infrastructure, finance, healthcare, IoT, and any environment handling highly sensitive data.

FIPS 140‑3 defines standardized security requirements for cryptographic modules across:

Algorithm selection and cryptographic primitives
Key generation, handling, and destruction
Entropy sources and DRBG validation
Physical security protections (for hardware)
Secure boot, self‑tests, integrity checks, and error handling
Boundary definitions and operational environments

Getting these engineering decisions right at design time minimizes the risk of costly rework, failed validations, and security gaps. Treating FIPS 140‑3 as a design discipline — not a post‑development audit, is critical.

Security & Design Engineering

FIPS 140‑3 requirements shape both architecture and implementation. Engineers must consider how security functions behave from the moment the system boots through runtime operations and updates.

Examples of core engineering decisions influenced by FIPS requirements include:

Choosing cryptographic libraries: Whether to use an open‑source module (e.g., OpenSSL FIPS provider), create a proprietary one, or privately label a validated module.
Boundary scoping: Deciding whether the “cryptographic boundary” is your entire product, a subcomponent, or a standalone module.
Entropy design: Ensuring your RNG/DRBG meets SP 800‑90 requirements and that entropy collection is testable and well‑documented.
Integrity monitoring: Implementing pre‑operational self‑tests and approved integrity checks that must pass before the module enters a FIPS‑approved mode.

Evaluating these design decisions early helps prevent failures during testing.

Engineering Mitigation Strategies

Bridging security design with practical engineering execution is where many FIPS efforts succeed — or fail. This is the point in the development lifecycle where theoretical security requirements become engineering realities. Attempting to “retrofit” FIPS into an existing product is a common engineering failure. Corsec recommends integrating FIPS security requirements from the initial architectural design to reduce rework, cost, and validation delays. As an example, a team that chooses a non‑approved AES mode of operation (such as AES‑XTS for certain contexts) will later be forced to redesign its crypto pipeline once CMVP testing begins.

Plan for Compliance from Day One
Designing with FIPS 140-3 requirements in mind from the start—rather than attempting to retrofit compliance late in development—reduces engineering rework, lowers costs, and shortens validation timelines.

Document Gaps Using a POA&M
The most essential mitigation strategy is documenting certification gaps. For engineers, this means clearly identifying and outlining validation boundary options and the technical areas that need to be addressed in order to achieve validation.

Enforce FIPS-Approved Mode Configuration
Validated modules must operate strictly in their FIPS-approved mode. Misconfiguration is a common engineering pitfall and one of the most frequent causes of non-compliance during reviews.

Use Approved Security Update Paths
When addressing CVEs or updating to a newer version of your product, engineers should select and follow the appropriate and approved security update process. There are many different update scenarios available for modules, some paths are faster and more cost-effective than triggering a full revalidation. Keeping your module inline with the regulations to qualify for an update is key.

Select an Appropriate FIPS Partner
Involving a FIPS partner early in the development lifecycle allows engineers to receive feedback before designs are finalized. Early engagement helps ensure documentation accuracy and reduces the likelihood of delays during formal testing.

Addressing FIPS 140-3 & Key Considerations

Reviewing FIPS requirements at every engineering milestone is highly recommended, from architecture to final testing.

Contracts and Revenue
Products sold to or deployed within federal environments require FIPS 140-3 validation. For engineering teams, failure to validate often means finished products sit idle while deals stall, procurements are canceled, or existing contracts are put at risk.

Operational Disruptions
Lack of validation can translate to engineering teams being blocked from deploying new systems, features, or updates. Any modification to a validated cryptographic module—or the introduction of a non-validated component—can render the system non-compliant.

Security Exposure
To preserve an existing certificate, engineers may delay applying critical operating system or dependency patches. While this maintains validation status, it can leave systems exposed to known vulnerabilities and active threats.

Legal, Financial, and Reputational Risk
Failure to meet FIPS 140-3 requirements can result in regulatory violations, financial penalties, and legal exposure, including potential False Claims Act implications. These outcomes can significantly impact both the organization and the engineering teams responsible for delivery.

Certificates Becoming “Historical”
When teams fail to plan for standard transitions—such as moving from FIPS 140-2 to FIPS 140-3—certificates may become historical. Once this happens, they can no longer be used for new federal acquisitions, forcing revalidation under tighter timelines.

Ready to Engineer Your Product for FIPS 140‑3?

If you’re building cryptographic products for federal or regulated markets, Corsec recommends engaging early to avoid costly engineering rework.

To accelerate your path to validation and ensure your engineering team is building FIPS‑ready designs from day one, schedule time to speak to a Corsec engineer.

FIPS Assessment

FIPS Design & Testing

FIPS Validation

About Corsec Security, Inc.

For 27+ years Corsec has guided companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD (STIGs, DoDIN APL, UC APL). From mobile devices to satellites, Corsec helps companies reduce validation risk, shorten timelines, and expand into regulated markets.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post Designing for FIPS 140-3: A Practical Guide for Engineering appeared first on Corsec Security, Inc.®.

Enabling Federal Sales: Winning Security Strategies

Jake Nelson — Tue, 13 Jan 2026 20:16:32 +0000

In today’s federal procurement environment, cybersecurity requirements are no longer aspirational—they are mandatory gatekeepers. As federal agencies modernize their infrastructure, adopt zero-trust architectures, and migrate mission systems to the cloud, the security expectations placed on technology vendors continue to rise.

While individual departments and agencies retain authority to define procurement-specific security requirements, several standards have become federally mandated. Among them, FIPS 140-3 stands out as one of the most critical—and misunderstood—requirements in federal technology sales.

For federal sales teams, FIPS 140-3 is not simply a technical checkbox. It is often the difference between being eligible to compete and being disqualified before discussions even begin. Products that lack a credible FIPS validation path routinely stall in procurement, trigger ATO delays, or are excluded entirely from RFPs. In contrast, vendors that proactively align with FIPS 140-3 position themselves as lower-risk, procurement-ready partners.

Understanding how FIPS 140-3 works, why agencies mandate it, and what it takes to achieve validation is now a core competency for both federal sales professionals and the engineering leaders who support them.

Understanding FIPS 140-3

The Federal Information Processing Standard (FIPS) 140-3 defines the security requirements for cryptographic modules used to protect sensitive but unclassified information within federal systems. Issued by the National Institute of Standards and Technology (NIST), FIPS 140-3 replaces the long-standing FIPS 140-2 standard and aligns U.S. government cryptographic requirements with modern international standards. At a practical level, FIPS 140-3 governs how encryption, key management, authentication, and cryptographic functions are designed, implemented, tested, and operated.

It is critical to distinguish between:

Federal agencies—and their Authorizing Officials—almost always require validated cryptographic modules, not aspirational compliance statements.

The Significance for Federal Agencies:

FIPS 140-3 has become more than a legacy federal requirement carried forward—it is now a defining control point in modern federal procurement. Several converging forces have elevated its importance:

1. The Sunsetting of FIPS 140-2 Is Forcing Action
FIPS 140-2 is officially sunsetting, with CMVP transitioning fully to FIPS 140-3 validations. Agencies are increasingly unwilling to approve new systems that rely on FIPS 140-2-only modules, especially for long-lived deployments. For sales teams, this means:

Legacy validations are losing procurement value
“We’ll address it later” is no longer acceptable to buyers
Products without a FIPS 140-3 roadmap are seen as short-term or high-risk investments

Vendors that delay transition often find themselves locked out of future RFPs or facing costly re-engineering under procurement pressure.

2. Zero Trust and Cloud Mandates Depend on Strong Cryptography
Federal zero-trust initiatives, cloud-first policies, and identity-centric architectures all rely on provable cryptographic trust. Without validated cryptographic modules, these architectures fail to meet baseline federal security expectations. As a result, FIPS 140-3 validation is increasingly treated as foundational infrastructure, not an optional enhancement.

Sales teams that can articulate how their product’s cryptography aligns with FIPS 140-3—and how it supports zero-trust objectives—gain immediate credibility with federal buyers.

3. FIPS 140-3 Is Directly Tied to ATO Outcomes
One of the most common—and costly—procurement blockers in federal sales is Authority to Operate (ATO) friction. Systems that lack validated cryptography frequently encounter:

Extended POA&Ms
Conditional authorizations
Delayed deployments
Additional agency scrutiny

From an Authorizing Official’s perspective, unvalidated cryptography introduces unnecessary risk. FIPS 140-3 validation simplifies security assessments, reduces ambiguity, and shortens approval timelines.

For sales teams, this translates into: 1.) Faster time-to-value for customers, 2.) Fewer late-stage deal delays, and 3.) Reduced risk of post-award surprises

4. Procurement Language Is Becoming Explicit
Federal acquisition language increasingly mandates FIPS 140-3 explicitly, referencing: NIST standards, OMB directives, Agency-specific cybersecurity policies, and FAR and DFARS clauses.

Vendors that cannot clearly demonstrate FIPS alignment risk:

Failing compliance checks during proposal evaluation
Being deemed “technically unacceptable”
Losing deals before pricing or differentiation is even considered

In competitive procurements, FIPS 140-3 readiness is often assumed—not rewarded. Its absence, however, is penalized immediately.

The Impact on Federal Sales Teams:

For federal sales professionals and their engineering counterparts, FIPS 140-3 has direct, measurable impact on revenue outcomes, specifically when looking at competitive eligibility.

Without a FIPS 140-3 validation, many opportunities are simply un-winnable. With it, teams gain access to a broader set of procurements and avoid early disqualification.

Trust and Credibility: Validated cryptography signals maturity, seriousness, and commitment to federal security standards. It reassures buyers that the vendor understands federal risk tolerance and compliance expectations.
Sales-Cycle Acceleration: Products aligned with FIPS 140-3 encounter fewer objections during security reviews, enabling smoother evaluations and faster procurement decisions.
Risk Reduction: Understanding validation scope, timelines, and dependencies helps sales teams avoid overpromising and protects engineering teams from last-minute compliance fire drills.

Achieving FIPS 140-3 is not a single engineering task—it is a cross-functional initiative that touches product architecture, release planning, sales strategy, and customer engagement.

How Corsec Supports Federal Sales Success

Corsec specializes in guiding technology companies through the complexity of FIPS 140-3 validation with a focus on business outcomes, not just technical compliance.

We work with product, engineering, and federal sales teams to:

Map cryptographic components to real procurement requirements
Define validation scope aligned to target agencies and use cases
Forecast realistic timelines that support sales planning
Reduce risk through proven certification strategies
Strengthen competitive positioning with clear, defensible compliance narratives

By engaging early, teams avoid stalled deals, missed RFPs, and reactive compliance efforts that erode margins and credibility.

Conclusion: FIPS 140-3 Is a Sales Enabler, Not a Checkbox

In the modern federal market, FIPS 140-3 compliance is no longer optional—and it is no longer just a security concern. It is a sales-enablement requirement, a procurement accelerator, and a trust signal that directly influences buying decisions.

Federal sales teams that understand FIPS 140-3—and partner with experts to execute it effectively—position themselves for smoother procurement cycles, stronger customer relationships, and sustained growth in the federal marketplace.

Whether you’re early in product development or facing active federal procurements, Corsec can help you align certification strategy with sales success.

Talk to Corsec today to start your FIPS 140-3 roadmap and unlock more federal opportunities.

FIPS Assessment

FIPS Design & Testing

FIPS Validation

About Corsec Security, Inc.

For 27+ years Corsec has guided companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD (STIGs, DoDIN APL, UC APL). We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

For more information on engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post Enabling Federal Sales: Winning Security Strategies appeared first on Corsec Security, Inc.®.

Cloud Software Group completes FIPS 140-3 Validation

Jake Nelson — Wed, 31 Dec 2025 17:35:28 +0000

Corsec would like to congratulate our partner, Cloud Software Group, Inc., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their NetScaler Virtual Appliance. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, Cloud Software Group partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5111. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

About Cloud Software Group and the NetScaler Virtual Appliance

Cloud Software Group enables their customers to evolve, compete and succeed leveraging software franchises for and across data, automation, insight, and collaboration.

The NetScaler Virtual Appliance is a virtual application delivery controller (ADC) that accelerates application performance, enhances application availability with advanced L4-L7 load balancing, provides an integrated application firewall, and lowers server expenses by offloading computationally intensive tasks. All these capabilities are combined into a single, integrated virtual appliance.

About Corsec Security, Inc.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post Cloud Software Group completes FIPS 140-3 Validation appeared first on Corsec Security, Inc.®.

Securing Cyber-Physical Systems in Smart Manufacturing

Mary Broerman — Thu, 04 Dec 2025 20:53:38 +0000

The Rise of CPS in Modern Manufacturing

Smart factories are increasingly powered by cyber-physical systems (CPS)—connected robots, industrial sensors, autonomous vehicles, and AI-enabled control software. These technologies combine computing, analytics, and real-world physical actions to create fast, efficient, and adaptable production environments. As this connectivity expands, so does the potential impact of a cybersecurity event. A compromised device is no longer just an IT issue; it can stop production, alter physical processes, or create safety concerns. This escalating risk is driving manufacturers to adopt formal security certifications as a way to guarantee resilience and trust in their CPS ecosystems.

What Makes CPS Harder to Secure

Cyber-physical systems (CPS) operate very differently from traditional IT environments, which makes securing them a unique and challenging task. Unlike standard IT systems that primarily process data, CPS directly control and interact with physical machinery and industrial processes. This introduces several security complexities:

Direct Interaction with Physical Equipment
CPS, such as robotic assembly lines or industrial control systems (ICS), directly manipulate machinery. A cyberattack or system misconfiguration can cause physical damage or safety hazards. For example, in 2010, the Stuxnet worm targeted Iranian centrifuges, causing them to spin out of control and physically destroy equipment—all while appearing normal to operators. This illustrates how tightly integrated cyber and physical components increase the stakes of security breaches.
Real-Time Operational Requirements
CPS often require precise, real-time responses. Even a fraction-of-a-second delay can disrupt operations or reduce product quality. In automotive manufacturing, for instance, robotic arms on an assembly line must synchronize perfectly. If a security patch or intrusion detection system introduces latency, production may stall or components may be improperly assembled.
Downtime Risks and Continuous Availability
Many CPS environments cannot tolerate interruptions. In power plants, oil refineries, or water treatment facilities, shutting down systems for maintenance or security updates can be costly or dangerous. The 2021 Colonial Pipeline ransomware attack in the U.S. forced a shutdown of critical fuel pipelines, causing widespread fuel shortages. This highlights how CPS downtime is not just inconvenient—it has real-world economic and safety impacts.
Legacy and Modern Technology Integration
CPS environments often combine decades-old industrial controllers with modern, cloud-connected software, IoT sensors, and AI tools. This mix of legacy and cutting-edge systems creates a complex network with inconsistent security standards. For example, a manufacturing facility may have older programmable logic controllers (PLCs) that lack encryption or modern authentication, yet these devices are now networked with cloud-based analytics platforms. Protecting such hybrid systems requires solutions that can bridge old and new technologies without disrupting operations.
Operational Complexity and Multi-Layered Risks
CPS security spans digital, physical, and operational dimensions simultaneously. A breach could not only compromise data but also cause safety incidents, environmental hazards, or regulatory non-compliance. For instance, in a chemical plant, a malicious actor could manipulate temperature or pressure controls, causing explosions or toxic leaks. This multi-dimensional risk profile makes a structured, comprehensive certification approach essential.

Because CPS integrate physical machinery, require uninterrupted real-time performance, and often involve hybrid legacy-modern networks, securing them goes far beyond standard IT cybersecurity. Manufacturers need structured frameworks and certifications that account for digital safeguards, operational continuity, and physical safety to ensure resilient and secure CPS deployment.

Key Certifications for CPS Security

Several certification frameworks play a critical role in helping manufacturers build secure and reliable CPS. FIPS 140-3 establishes that cryptographic functions—including encryption, key management, and tamper protection—operate correctly and securely across devices. Common Criteria provides assurance that essential security functions such as system integrity, secure boot, and access control are properly implemented and resistant to attack. As manufacturers increasingly adopt AI-driven tools for inspection, optimization, and predictive maintenance, emerging standards for AI assurance are also becoming important—they help ensure that machine-learning models remain reliable, tamper-resistant, and securely updated over time.

The growing reliance on CPS has significantly expanded the manufacturing attack surface. If an attacker manipulates operational data, disrupts a digital twin, or interferes with autonomous equipment, the resulting impact can spread quickly across an entire production line. Certification helps reduce these risks by requiring thorough, independent evaluations of security controls. Certified systems must meet strict industry standards, demonstrate consistent behavior under stress, and provide evidence that both digital integrity and physical safety have been considered. This creates a higher level of trust for customers, suppliers, and internal stakeholders.

How a Certification Partner Helps

Achieving certification for CPS can be challenging because of the number of interconnected components involved. A specialized certification partner helps manufacturers navigate this complexity by identifying which certifications apply to specific systems, uncovering architectural gaps early in the process, and guiding teams through secure development and documentation requirements. Partners also assist with preparing evidence packages, coordinating with testing labs, and managing the full certification lifecycle. This support reduces delays, improves compliance readiness, and helps ensure that CPS deployments meet rigorous security expectations.

The Corsec Advantage

Cyber-physical systems are transforming smart manufacturing, but their growing complexity demands stronger, verifiable security. Certification provides the independent assurance needed to protect operations, meet regulatory expectations, and build trust across the supply chain.

For nearly 30 years, Corsec has supported technology providers in achieving and maintaining security certifications essential for critical infrastructure, including FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and DoD requirements (STIGs, UCR, APL).

Corsec’s certification methodology and broad industry knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

Ready to Get Started?

As manufacturers accelerate adoption of cyber-physical systems, the need for validated cryptography, hardened device security, and standards-based protection becomes essential for safeguarding production environments. Connect with Corsec to strengthen your product’s security posture, navigate complex certification requirements, and support the future of trusted, resilient smart-manufacturing infrastructure.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson Corsec Director of Marketing jnelson@corsec.com

The post Securing Cyber-Physical Systems in Smart Manufacturing appeared first on Corsec Security, Inc.®.

FIPS 140-3 Archives - Corsec Security, Inc.®

HP Inc Completes FIPS 140-3 Validation of HP Poly Crypto Module

About FIPS 140

About the HP Poly Cryptographic Module

About Corsec Security, Inc.

FIPS 140-3 Validation Complete for Infinidat on Cryptographic Module

About FIPS 140

About the Infinidat Cryptographic Module

About Corsec Security, Inc.

Ericsson Enterprise Wireless Validates Cryptographic Module under FIPS 140-3

About FIPS 140

About Ericsson Enterprise Wireless and their Cryptographic Module

About Corsec Security, Inc.

OPSWAT Completes FIPS 140-3 Validation

About FIPS 140

About OPSWAT and their Cryptographic Module

About Corsec Security, Inc.

Fed Roundup: February 2026

Announcements:

Updates & Announcements:

Special Publications, Interagency Reports, & Cybersecurity White Papers:

Updates & Announcements:

Protection Profile Announcements:

Fidelity Completes FIPS 140-3 Validation with Corsec

About FIPS 140

About Fidelity Center for Applied Technology and their FCAT Wallet Vault

About Corsec Security, Inc.

Designing for FIPS 140-3: A Practical Guide for Engineering

Security & Design Engineering

Why FIPS 140‑3 Matters for Engineers and Product Teams

Security & Design Engineering

Engineering Mitigation Strategies

Addressing FIPS 140-3 & Key Considerations

a {<br /> text-decoration: none;<br /> color: #464feb;<br />}<br />tr th, tr td {<br /> border: 1px solid #e6e6e6;<br />}<br />tr th {<br /> background-color: #f5f5f5;<br />}<br />

Ready to Engineer Your Product for FIPS 140‑3?

FIPS Assessment

FIPS Design & Testing

FIPS Validation

About Corsec Security, Inc.

Enabling Federal Sales: Winning Security Strategies

Understanding FIPS 140-3

The Significance for Federal Agencies:

The Impact on Federal Sales Teams:

How Corsec Supports Federal Sales Success

Conclusion: FIPS 140-3 Is a Sales Enabler, Not a Checkbox

FIPS Assessment

FIPS Design & Testing

FIPS Validation

About Corsec Security, Inc.

Cloud Software Group completes FIPS 140-3 Validation

About FIPS 140

About Cloud Software Group and the NetScaler Virtual Appliance

About Corsec Security, Inc.

Securing Cyber-Physical Systems in Smart Manufacturing

The Rise of CPS in Modern Manufacturing

What Makes CPS Harder to Secure

Key Certifications for CPS Security

How a Certification Partner Helps

The Corsec Advantage

Ready to Get Started?