U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

FIPS 140-3

Security Requirements for Cryptographic Modules

Date Published: March 22, 2019

Supersedes: FIPS 140-2 (12/03/2002)

Planning Note (5/1/2019): See the FIPS 140-3 Development project for information on the Implementation Schedule and development of supporting SP 800-140x documents.


National Institute of Standards and Technology



computer security; telecommunication security; physical security; software security; cryptography; cryptographic modules; Federal Information Processing Standard (FIPS); ISO/IEC 19790:2012; ISO/IEC 24759:2014
Control Families

None selected


FIPS 140-3 (DOI)
Local Download

Supplemental Material:
Cryptographic Module Validation Program (CMVP) (other)
NIST News Article (other)

Related NIST Publications:
ITL Bulletin
SP 800-140

Document History:
07/13/07: FIPS 140-3 (Draft)
12/11/09: FIPS 140-3 (Draft)
03/22/19: FIPS 140-3 (Final)