Corsec would like to congratulate our partner, Hewlett Packard, Inc., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their HP Poly Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, HP partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5011. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

The HP Poly Cryptographic Module is an open-source, general-purpose cryptographic library which provides approved cryptographic algorithms to serve BoringSSL and other user-space applications. The module is intended for use in a variety of environments and any general-purpose environment that requires cryptographic primitives.

###

###

Corsec would like to congratulate our partner, Infinidat, Ltd., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their Infinidat Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, Infinidat partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5245. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

The Infinidat Cryptographic Module is a set of cryptographic libraries that implement TLS, symmetric key generation and encryption/decryption, and SED authentication key derivation for the InfuzeOS™, which is the core component of the InfiniBox and InfiniBox SSA appliances.

The Infinidat Cryptographic Module comes preinstalled on each InfiniBox node.

###

Corsec would like to congratulate our partner, Ericsson Enterprise Wireless, on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their Ericsson Cryptographic Module v3. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, Ericsson Enterprise Wireless partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5228. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

Cradlepoint is now the Enterprise Wireless Solutions division of Ericsson. Their solutions enable organizations to innovate, operate, and grow anywhere — without constraints.

The Ericsson Cryptographic Module v3 is a cryptographic software library, intended for use by U.S. and Canadian Federal agencies and other markets that require FIPS 140-3 validated cryptographic functionality.

###

Corsec would like to congratulate our partner, OPSWAT, Inc., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their OPSWAT Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, OPSWAT partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5225. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

OPSWAT protects critical infrastructure. Their goal is to eliminate malware and zero-day attacks. They believe that every file and every device pose a threat. Threats must be addressed at all locations at all times—at entry, at exit, and at rest. Their products focus on threat prevention and process creation for secure data transfer and safe device access. The result is productive systems that minimize risk of compromise.

The OPSWAT Cryptographic Module is a cryptographic software library, intended for use by U.S. and Canadian Federal agencies and other markets that require FIPS 140-3 validated cryptographic functionality.

###

###

Corsec would like to congratulate our partner, Fidelity Center for Applied Technology, LLC, on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their FCAT Wallet Vault Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, Fidelity partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5153. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

Fidelity Center for Applied Technology LLC is a catalyst for breakthrough achievements in research and tech. They assess, test and scale concepts and ideas that advance Fidelity’s markets leadership and enhance every customer’s experience.

FCAT Wallet Vault Cryptographic Module version 1.0 is a software library providing a C language API for use by other applications requiring cryptographic functionality. FCAT Wallet Vault Cryptographic Module 1.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support industry-standard secure communications protocols (including TLS 1.2/1.3).

###

###

FIPS Assessment

FIPS Design & Testing

FIPS Validation

For 27+ years Corsec has guided companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD (STIGs, DoDIN APL, UC APL). From mobile devices to satellites, Corsec helps companies reduce validation risk, shorten timelines, and expand into regulated markets.

###

Understanding FIPS 140-3

The Federal Information Processing Standard (FIPS) 140-3 defines the security requirements for cryptographic modules used to protect sensitive but unclassified information within federal systems. Issued by the National Institute of Standards and Technology (NIST), FIPS 140-3 replaces the long-standing FIPS 140-2 standard and aligns U.S. government cryptographic requirements with modern international standards. At a practical level, FIPS 140-3 governs how encryption, key management, authentication, and cryptographic functions are designed, implemented, tested, and operated.

It is critical to distinguish between:

• FIPS compliance (a vendor assertion or configuration claim), and

• FIPS validation (formal certification issued through CMVP).

Federal agencies—and their Authorizing Officials—almost always require validated cryptographic modules, not aspirational compliance statements.

The Significance for Federal Agencies:

FIPS 140-3 has become more than a legacy federal requirement carried forward—it is now a defining control point in modern federal procurement. Several converging forces have elevated its importance:

1. The Sunsetting of FIPS 140-2 Is Forcing Action
FIPS 140-2 is officially sunsetting, with CMVP transitioning fully to FIPS 140-3 validations. Agencies are increasingly unwilling to approve new systems that rely on FIPS 140-2-only modules, especially for long-lived deployments. For sales teams, this means:

• Legacy validations are losing procurement value

• “We’ll address it later” is no longer acceptable to buyers

• Products without a FIPS 140-3 roadmap are seen as short-term or high-risk investments

Vendors that delay transition often find themselves locked out of future RFPs or facing costly re-engineering under procurement pressure.

2. Zero Trust and Cloud Mandates Depend on Strong Cryptography
Federal zero-trust initiatives, cloud-first policies, and identity-centric architectures all rely on provable cryptographic trust. Without validated cryptographic modules, these architectures fail to meet baseline federal security expectations. As a result, FIPS 140-3 validation is increasingly treated as foundational infrastructure, not an optional enhancement.

Sales teams that can articulate how their product’s cryptography aligns with FIPS 140-3—and how it supports zero-trust objectives—gain immediate credibility with federal buyers.

3. FIPS 140-3 Is Directly Tied to ATO Outcomes
One of the most common—and costly—procurement blockers in federal sales is Authority to Operate (ATO) friction. Systems that lack validated cryptography frequently encounter:

• Extended POA&Ms

• Conditional authorizations

• Delayed deployments

• Additional agency scrutiny

From an Authorizing Official’s perspective, unvalidated cryptography introduces unnecessary risk. FIPS 140-3 validation simplifies security assessments, reduces ambiguity, and shortens approval timelines.

For sales teams, this translates into: 1.) Faster time-to-value for customers, 2.) Fewer late-stage deal delays, and 3.) Reduced risk of post-award surprises

4. Procurement Language Is Becoming Explicit
Federal acquisition language increasingly mandates FIPS 140-3 explicitly, referencing: NIST standards, OMB directives, Agency-specific cybersecurity policies, and FAR and DFARS clauses.

Vendors that cannot clearly demonstrate FIPS alignment risk:

• Failing compliance checks during proposal evaluation

• Being deemed “technically unacceptable”

• Losing deals before pricing or differentiation is even considered

In competitive procurements, FIPS 140-3 readiness is often assumed—not rewarded. Its absence, however, is penalized immediately.

The Impact on Federal Sales Teams:

For federal sales professionals and their engineering counterparts, FIPS 140-3 has direct, measurable impact on revenue outcomes, specifically when looking at competitive eligibility.

Without a FIPS 140-3 validation, many opportunities are simply un-winnable. With it, teams gain access to a broader set of procurements and avoid early disqualification.

• Trust and Credibility: Validated cryptography signals maturity, seriousness, and commitment to federal security standards. It reassures buyers that the vendor understands federal risk tolerance and compliance expectations.
• Sales-Cycle Acceleration: Products aligned with FIPS 140-3 encounter fewer objections during security reviews, enabling smoother evaluations and faster procurement decisions.
• Risk Reduction: Understanding validation scope, timelines, and dependencies helps sales teams avoid overpromising and protects engineering teams from last-minute compliance fire drills.

Achieving FIPS 140-3 is not a single engineering task—it is a cross-functional initiative that touches product architecture, release planning, sales strategy, and customer engagement.

FIPS Assessment

FIPS Design & Testing

FIPS Validation

For 27+ years Corsec has guided companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD (STIGs, DoDIN APL, UC APL). We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###