U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Security Requirements for Cryptographic Modules

Published

Author(s)

National Institute of Standards and Technology (NIST), Michael J. Cooper, Kim B. Schaffer

Abstract

The selective application of technological and related procedural safeguards is an important responsibility of every federal organization in providing adequate security in its computer and telecommunication systems. This standard is applicable to all federal agencies that use cryptographic- based security systems to provide adequate information security for all agency operations and assets as defined in 15 U.S.C. Section 278g-3. This standard shall be used in designing and implementing cryptographic modules that federal departments and agencies operate or are operated for them under contract. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design, implementation and operation of a cryptographic module. These areas include cryptographic module specification; cryptographic module interfaces; roles, services, and authentication; software/firmware security; operating environment; physical security; non-invasive security; sensitive security parameter management; self-tests; life-cycle assurance; and mitigation of other attacks. [Supersedes FIPS 140-2 (May 25, 2001): http://www.nist.gov/manuscript-publication-search.cfm? pub_id=902003]
Citation
Federal Inf. Process. Stds. (NIST FIPS) - 140-3
Report Number
140-3
NIST Pub Series
Federal Inf. Process. Stds. (NIST FIPS)
Pub Type
NIST Pubs
Supercedes Publication
Security Requirements for Cryptographic Modules [includes Change Notices as of 12/3/2002]

Download Paper

DOI Link

Keywords

computer security, telecommunication security, physical security, software security, cryptography, cryptographic modules, Federal Information Processing Standard (FIPS), ISO/IEC 19790, ISO/IEC 24759
Information technology and Cryptography

Citation

(NIST), N. , Cooper, M. and Schaffer, K. (2019), Security Requirements for Cryptographic Modules, Federal Inf. Process. Stds. (NIST FIPS), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.FIPS.140-3 (Accessed January 11, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created March 22, 2019, Updated July 25, 2024