FIPS 140-3 is a mandatory standard for federal agencies and a benchmark for the private sector that defines the security requirements for hardware and software cryptographic modules. It superseded FIPS 140-2 by aligning more closely with international standards, specifically ISO/IEC 19790, and introducing more rigorous testing for physical security and self-tests. From a cybersecurity perspective, this document is the gold standard for Encryption, Key Management, and Data-at-Rest/Data-in-Transit Protection, as it ensures that cryptographic algorithms are implemented correctly and resistant to tampering. Key relevant topics include Authentication, Physical Security Controls, and Non-Invasive Security, which addresses modern threats like side-channel attacks. By requiring four increasing levels of security, it allows organizations to scale their Cryptographic Integrity based on the sensitivity of the data they are protecting.
Home / Function (NIST CSF 2.0) / PR - Protect / DS - Data Security / Cryptography
NIST Federal Information Processing Standard (FIPS) Publication 140-3: Security Requirements for Cryptographic Modules
This document focuses on:Encryption