The Secretary of Commerce approves FIPS 140-2, Security Requirements for Cryptographic Modules, which supersedes FIPS Standard 140-1, and makes it compulsory and binding on Federal agencies for the protection of sensitive, unclassified information, FIPS 140-1, which was first published in 1994, specified that it would be reviewed within five years. FIPS 140-2 is the result of the review and replaces FIPS 140-1.