Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / DS - Data Security / Cryptography

NIST Federal Information Processing Standard (FIPS) Publication 140-3: Security Requirements for Cryptographic Modules

This document focuses on:

FIPS 140-3 is a mandatory standard for federal agencies and a benchmark for the private sector that defines the security requirements for hardware and software cryptographic modules. It superseded FIPS 140-2 by aligning more closely with international standards, specifically ISO/IEC 19790, and introducing more rigorous testing for physical security and self-tests. From a cybersecurity perspective, this document is the gold standard for Encryption, Key Management, and Data-at-Rest/Data-in-Transit Protection, as it ensures that cryptographic algorithms are implemented correctly and resistant to tampering. Key relevant topics include Authentication, Physical Security Controls, and Non-Invasive Security, which addresses modern threats like side-channel attacks. By requiring four increasing levels of security, it allows organizations to scale their Cryptographic Integrity based on the sensitivity of the data they are protecting.


Publication's URL

https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *