
Help meet your needs for data security compliance with FIPS 140-2 and FIPS 140-3 certified products

The Federal Information Processing Standard (FIPS) Publication 140-3 (FIPS PUB 140-3), commonly referred to as FIPS 140-3, is the latest version of the U.S. government computer security standard used to validate cryptographic modules. As of April 1, 2022, FIPS PUB 140-3 Security Requirements for Cryptographic Modules supersedes FIPS 140-2 for new submissions.

Products certified to FIPS 140-2 can remain valid for five years after validation. See the NIST transition page for more details. FIPS 140-2 and 140-3 were created by NIST and, per FISMA, are mandatory for U.S. and Canadian government procurements. Many global organizations are also mandated to meet these standards. FIPS 140-2 and 140-3 compliance has been widely adopted around the world in both governmental and non-governmental sectors as a practical security benchmark and realistic best practice.

Entrust delivers security products that have been tested and validated against the rigorous FIPS 140-2 and 140-3 encryption compliance standard. Entrust FIPS 140-2 and 140-3 compliant products help you comply with regulations while also giving you the confidence you need in your cryptographic tools.

Overview

Security Standard

According to FIPS Publication 140-3:

“The selective application of technological and related procedural safeguards is an important responsibility of every federal organization in providing adequate security in its computer and telecommunication systems. This standard is applicable to all federal agencies that use cryptographic-based security systems to provide adequate information security for all agency operations and assets.”

“This standard shall be used in designing and implementing cryptographic modules that federal departments and agencies operate or are operated for them under contract. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design, implementation, and operation of a cryptographic module.”

These areas include:

  • cryptographic module specification
  • cryptographic module interfaces
  • roles, services, and authentication
  • software/firmware security
  • operating environment
  • physical security
  • non-invasive security
  • sensitive security parameter management
  • self-tests
  • life-cycle assurance
  • mitigation of other attacks

Certification Authorities

The US NIST (National Institute of Standards and Technology) and Canadian CSE (Communications Security Establishment) jointly participate as certification authorities in the CMVP (Cryptographic Module Validation Program) to provide validation of cryptographic modules to the FIPS 140-2 standard.

For more information, read our FAQ pages:
What is FIPS 140-2?
What is FIPS 140-3? 

Compliance Overview

Entrust nShield HSM Support for FIPS 140-2 and 140-3* Security Standard

The Entrust nShield® family of hardware security modules (HSMs) conforms to the FIPS 140-2 security standard. Entrust nShield HSMs – available in FIPS 140-2 Level 1, 2, and 3 models and, soon, FIPS 140-3 Level 3* – provide secure solutions for generating encryption and signing keys, creating digital signatures, encrypting data, and more in a variety of environments.

*FIPS 140-3 certification is under evaluation

Product Compliance Detail

A summary of nShield FIPS 140-2, FIPS 140-3, Common Criteria, and other certifications.

Entrust Security Certification Reference Document

Resources

Brochure: Entrust nShield HSM Family Brochure

Entrust nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption, and more. Available in three FIPS 140-2 certified form factors – and soon, two FIPS 140-3 form factors – Entrust nShield HSMs support a variety of deployment scenarios.

Entrust nShield HSM Family Brochure

Data Sheet: Entrust nShield Connect

Entrust nShield Connect HSMs are certified, networked appliances that deliver cryptographic key services to applications distributed across servers and virtual machines.

Entrust nShield Connect Data Sheet

Data Sheet: Entrust nShield Solo

Entrust nShield Solo HSMs are certified PCI-e card-based solutions that deliver cryptographic key services to applications hosted on individual servers and appliances.

Entrust nShield Solo Data Sheet

Data Sheet: Entrust nShield Edge HSMs

Entrust nShield Edge HSMs are USB-connected desktop devices that provide convenience and economy for environments requiring low-volume cryptographic key services.

Entrust nShield Edge Data Sheet