FIPS 140
FIPS 140 standards are a set of security requirements for cryptographic modules defined by the National Institute of Standards and Technology (NIST) [1] and managed by both the United States and Canada, as part of the Cryptographic Module Validation Program (CMVP) [2]. FIPS 140-validated modules are mandatory for protecting cryptographic keys and performing cryptographic operations for many government applications. FIPS 140 has become the de facto standard in many other countries and in the private sector, particularly in the financial and payment industries, as FIPS 140-validated HSMs provide confidence and trust when securing cryptographic infrastructures.
FIPS 140-2 is the current version and has been in force since May 2001. It defines a total of 4 security levels and 11 areas of cryptographic product design and implementation. These include key management; interfaces; roles; services and authentication; and operating systems. More information about FIPS 140-2 can be found in the "Landing Securely on Regulatory Compliance with Thales Luna HSMs" blog post.
FIPS 140-3
FIPS 140-3 will supersede FIPS 140-2 and is based on existing international standards with some modifications:
- ISO/IEC 19790:2012, Security Requirements for Cryptographic Modules
  ISO/IEC 19790:2012 [3] lists the security requirements for a cryptographic module utilized within a security system protecting sensitive information in computer and telecommunication systems. This International Standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity (e.g. low value administrative data, million dollar funds transfers, life protecting data, personal identity information, and sensitive information used by government) and a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location).
- ISO/IEC 24759:2017, Test Requirements for Cryptographic Modules
  ISO/IEC 24759:2017 [4] specifies the methods to be used by accredited laboratories to test whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790:2012. The methods are developed to provide a high degree of objectivity during the testing process and to ensure consistency across the testing laboratories.
The difference between FIPS 140-2 and FIPS 140-3
FIPS 140-3 special publications [5] include information on a variety of requirements including: derived tests; documentation; security policies; security functions; security parameters; authentication; and non-invasive attack mitigation. Many of these changes are still not finalized, but some of the more interesting changes include:
- Stricter integrity test requirements:
  - Level 2 modules must provide software/firmware integrity testing using digital signatures or HMAC (hash-based message authentication code)
  - Level 3 and Level 4 modules must provide integrity using digital signatures only
- New required service: to output the module name/identifier and version that can be mapped to validation records/certificates
- Key zeroization is required for ALL unprotected “Sensitive Security Parameters” (SSPs) at all levels, including public keys:
  - Level 2+ requires a status indicator when the zeroization process is completed
  - Zeroization of unprotected SSPs can still be done procedurally at Level 1 only
- Roles, services and authentication: requirements must be met by a cryptographic module’s implementation (not through policy, rules, etc.), for example password size restrictions
- Non-invasive security: required for hardware and firmware components of a module, optional for software modules operating in a modifiable operating environment; the module must protect against a list of non-invasive attacks
- Lifecycle assurance (vendor testing): vendors need to perform their own testing on a module, in addition to the validation lab testing
- Operational environment: software modules no longer need to operate in a Common Criteria (CC) evaluated OS or ‘trusted operating system’ in order to meet Level 2 requirements; however, these Level 2 modifiable operational environments require an audit mechanism
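As an added illustration (not code from NIST, the CMVP or any vendor), the sketch below shows three of the listed changes in a toy software module: the per-level integrity technique, the name/version service, and zeroization with a status indicator. The class, names, key and image bytes are constructed; only the Level 2 HMAC path is implemented, and levels the list does not mention are simply rejected.

```python
import hashlib
import hmac

# Constructed sample data: a stand-in firmware image and integrity key.
IMAGE = b"constructed firmware image v1"
KEY = b"constructed-integrity-key"

# Integrity techniques the list above allows at each level it mentions.
ALLOWED_INTEGRITY = {2: {"hmac", "signature"}, 3: {"signature"}, 4: {"signature"}}


def image_tag(key: bytes, image: bytes) -> bytes:
    """HMAC-SHA-256 tag recorded at build time and re-checked at start-up."""
    return hmac.new(key, image, hashlib.sha256).digest()


class ToyModule:
    """Hypothetical software module; not a validated implementation."""
    NAME, VERSION = "toy-module", "0.0.0-constructed"

    def __init__(self, level: int, image: bytes, expected_tag: bytes):
        self.level, self.image, self.expected_tag = level, image, expected_tag
        self.ssps = {}          # name -> bytearray; public keys count as SSPs
        self.zeroized = False   # status indicator (required at Level 2+)

    def self_test(self, technique: str = "hmac") -> bool:
        """Integrity test; refuses a technique the level does not allow."""
        if technique not in ALLOWED_INTEGRITY.get(self.level, set()):
            raise PermissionError(f"{technique} not allowed at Level {self.level}")
        if technique != "hmac":
            raise NotImplementedError("signature path omitted in this sketch")
        return hmac.compare_digest(image_tag(KEY, self.image), self.expected_tag)

    def show_version(self) -> str:
        """Service returning name and version to match against the certificate."""
        return f"{self.NAME} {self.VERSION}"

    def load_ssp(self, name: str, value: bytes) -> None:
        # Held in a mutable buffer so it can be overwritten in place later;
        # the caller's own immutable copy is outside this sketch's control.
        self.ssps[name] = bytearray(value)

    def zeroize(self) -> bool:
        """Overwrite every unprotected SSP in place, then report completion."""
        for buf in self.ssps.values():
            buf[:] = bytes(len(buf))
        self.zeroized = all(not any(buf) for buf in self.ssps.values())
        self.ssps.clear()
        return self.zeroized
```

The same HMAC request raises `PermissionError` when the module is constructed at Level 3 or 4, which is the point of the stricter rule: the check lives in the implementation rather than in a policy document.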
Important milestones
- March 22, 2019: the Secretary of Commerce approved FIPS 140-3 Security Requirements for Cryptographic Modules
- September 22, 2019: FIPS 140-3 became effective
- September 22, 2020: FIPS 140-3 testing begins through the CMVP
- September 22, 2021: only FIPS 140-3 submissions accepted
Transitioning to FIPS 140-3
FIPS 140-2 will be around for a while. Modules can still be submitted and validated to FIPS 140-2 until September 22, 2021. Existing FIPS 140-2 certificates will not be revoked as part of the transition. In fact, FIPS 140-2-certified modules will be valid for a further five years until September 2026.
CMVP will not start accepting FIPS 140-3 submissions until September 22, 2020. After September 22, 2021, only FIPS 140-3 submissions will be accepted.
[1] https://csrc.nist.gov/publications/detail/fips/140/2/final
[2] https://csrc.nist.gov/projects/cryptographic-module-validation-program
[3] https://www.iso.org/standard/52906.html
[4] https://www.iso.org/standard/72515.html
[5] https://csrc.nist.gov/projects/fips-140-3-transition-effort/transition-to-fips-140-3