U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

FIPS 140-3 (2nd Public Draft)

Security Requirements for Cryptographic Modules

Date Published: December 11, 2009
Comments Due: March 11, 2010 (public comment period is CLOSED)
Email Questions to:

Planning Note (08/30/2012):

A Federal Register Notice was posted, requesting additional comments on specific sections and subsections of the 2009 draft.


Author(s)

National Institute of Standards and Technology

Announcement

The Revised Draft FIPS 140-3 is the second public draft of NIST's proposed revision of FIPS 140-2. The Revised Draft was developed using the comments received on the first public draft, which was posted for public review and comment on July 13, 2007, and the FIPS 140-3 Software Security Workshop held on March 18, 2008. While the 2007 Draft proposed 5 levels of security, the Revised Draft FIPS 140-3 reverts to 4 levels of security as currently specified in FIPS 140-2. In contrast to the 2007 Draft, the Revised Draft also reintroduces the notion of firmware cryptographic module and defines the security requirements for it, limits the overall security level for software cryptographic modules to Security Level 2, and removes the formal model requirement at Security Level 4. Differences with the current FIPS 140-2 standard include limiting the overall security level for software cryptographic modules to Security Level 2, requirements for mitigation of non-invasive attacks at higher security levels, elimination of the requirement for formal modeling at Security Level 4, modified conditions for pre-operational/power-on self-tests, and strengthened integrity testing.

Abstract

Keywords

computer security; telecommunication security; physical security; software security; cryptography; cryptographic modules; Federal Information Processing Standard (FIPS).
Control Families

Identification and Authentication; System and Communications Protection; System and Information Integrity

Documentation

Publication:
Draft FIPS 140-3 (revised draft) (pdf)

Supplemental Material:
Comments received and resolutions (pdf)
2012 Request for Additional Comments

Document History:
07/13/07: FIPS 140-3 (Draft)
12/11/09: FIPS 140-3 (Draft)
03/22/19: FIPS 140-3 (Final)

Topics

Security and Privacy

cryptography, testing & validation

Laws and Regulations

Federal Information Security Modernization Act