Validate cryptographic modules against US federal security requirements.
FIPS 140-3 is a US government standard that specifies security requirements for cryptographic modules. Maintained by NIST, it defines four security levels and is required for cryptographic products used by US federal agencies and many regulated industries.
FIPS 140-3 validation applies to the cryptographic modules themselves. Organizations typically use validated modules rather than seeking validation directly.

Who needs FIPS 140-3?

Cryptographic vendors

Companies that build cryptographic modules requiring federal validation.

Federal suppliers

Organizations that must use FIPS-validated cryptography in their products.

Key components

Level 1

Basic security requirements for a cryptographic module.

Level 2

Adds tamper-evidence and role-based authentication.

Level 3

Adds tamper-resistance and identity-based authentication.

Level 4

The highest level, with robust physical security against environmental attacks.

How DSALTA helps with FIPS 140-3

1. Activate FIPS 140-3

Select FIPS 140-3 from the Frameworks page. DSALTA maps cryptographic requirements to controls.

2. Review crypto controls

Review controls for using and managing validated modules.

3. Collect evidence automatically

Connect integrations to verify use of validated cryptography.

4. Approve policies

Review and approve cryptography and key management policies.

5. Maintain compliance

Track which systems use FIPS-validated modules.

Frequently asked questions

No — validation applies to the cryptographic module. Most organizations select and deploy already-validated modules rather than validating their entire product.
FIPS 140-3 is the current standard, aligning with ISO/IEC 19790. New validations are issued under 140-3 as 140-2 is phased out.