Laurie Mack |
More About This Author >
Laurie Mack |
More About This Author >
Last spring, in the second installment of this blog series, we were excited to announce that our Luna HSM product line was the first HSM in the industry to achieve FIPS 140-3 level 3 validation certificate.
This spring, in this third installment, we happily share the news that many of Thales Data Security solutions, including the Luna USB HSMs and High Speed Encryptors (HSE) are now also validated for FIPS 140-3. This marks a significant milestone as it means that Thales has achieved FIPS 140-3 validations across its Data Security product portfolio, demonstrating their commitment to the highest security standards.
At the recent ICMC conference in Toronto, our certifications team were on hand to pick up their hard-earned reward for this achievement. Much of this work is invisible to our customers as we do everything we can to make the transition simple and easy, but this dedicated team put in significant time and effort to make this happen.
From left to right: Teresa Macarthur, Thales Security Certifications; Graham Costa, Thales Security Certifications; David Hawes, NIST CMVP Program Manager; Laurie Mack, Thales Security Certifications; Will Tung, Thales Security Certifications; Rebeca Shaw, Thales Security Certifications; Kailai Chen, CCCS CMVP Program Manager.
Why the changes to FIPS?
For many years the FIPS validations remained unchanged, which always begs the question, why change? Since FIPS 140-2 was established in 1998, technology has transformed significantly impacting everyone, including certifications. The FIPS 140-3 compliance mandate is more closely aligned to international standards and designed to match new and evolving technologies. It is more flexible and modular in its approach and serves as a de facto goalpost for many global entities.
FIPS 140-3 also introduces the ability to certify Post-Quantum Cryptography (PQC) algorithms. Implementing FIPS 140-3 validated security solutions is an essential part of building a quantum-safe crypto agile security posture, ensuring organizations stay protected today, as well as into the future.
For network encryption, Thales High Speed Encryptors (HSE) hardware network encryptors (CN Series) are now certified at Level 3, while the virtual encryptors (CV Series) are certified at Level 1, all aligning with the latest NIST requirements and continuing to validate our solutions to the highest standards. FIPS 140-3 introduces enhanced lifecycle security, stronger authentication, improved physical security, and stringent side-channel attack prevention, all of which Thales' network encryption solutions address. This certification underscores Thales' dedication to providing robust, compliant encryption solutions that surpass industry standards and ensure data in motion protection in demanding environments, positioning them as a leader in secure network encryption.
New to the topic?
If you are new to understanding FIPS compliance and want to learn more about our market-leading data security solutions that help to make compliance easy, simply visit our FIPS 140-3 webpage or contact your local Thales representative. The webpage also provides more details about the differences between 140-2 and 140-3 and the benefits to customers from this changeover.
You can also read our previous blogs about the transition to FIPS 140-3:
Already a customer and wondering about next steps?
It's important to begin your transition from FIPS 140-2 to FIPS 140-3 now. The CMVP no longer accepts submissions for FIPS 140-2, and existing 140-2 certificates are slated to move to historical on September 21, 2026.
Organizations that need to maintain FIPS compliance must ensure that their cybersecurity solutions are FIPS 140-3 validated after this date. Ensure that your Luna Network and PCIe HSMs, and High Speed Encryptors are updated to the latest firmware that has this validation built in. For those of you with a USB HSM, begin your updates as soon as you can. Testing out these changes on your applications and/or network first is often recommended as a first step. Then simply go to the Customer Support Portal to get the latest firmware or software package for your product. If you ever have any questions throughout this process, the Thales team is always here to help.
As always, Thales is dedicated and unwavering in our commitment to pioneering crypto advancements and delivering top-tier protection for our customers’ most sensitive data.