Thales banner

Validations and Certifications

FIPS and Common Criteria certified HSM Solutions

Thales's Hardware Security Modules (HSMs) provide reliable protection against compromise for applications and information assets to ensure regulatory compliance, reduce the risk of legal liability and improve profitability. Thales’s robust FIPS and Common Criteria validated HSM solutions are tamper resistant and offer the highest level of security.

Federal Information Processing Standards (FIPS) Validation

TestThales HSMs are laboratory-tested under the Cryptographic Module Validation Program (CMVP) of the US National Institute for Standards and Technology NIST, in conjunction with the Canadian Communications Security Establishment (CSE). The standards relevant to cryptographic modules are the Federal Information Processing Standards (FIPS) Security Requirements for Cryptographic Modules and are publicly announced and developed by the Unites States federal government for use by all non-military government agencies and by government contractors.

Thales modules validated as conforming to FIPS 140-1 and FIPS 140-2 are accepted by the Federal Agencies of Canada and USA for the protection of sensitive information and are accompanied by documentation bearing the FIPS logo of approval. You can find the Thales HSMs listed on the NIST website.

Common Criteria Validation

Test

A broad portfolio of Thales's products have been awarded Common Criteria certification for meeting the security requirements defined by the Common Criteria for Information Technology Security Evaluation.

The Common Criteria is an internationally recognised ISO standard (ISO/IEC15408) used by governments and other organisations to assess the security and assurance of technology products. Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard manner.

In the United States, federal agencies mandate that all IT products purchased by the U.S. Government for national security systems, which handle classified and some non-classified information, are required to be Common Criteria certified. Security-conscious customers such as government agencies utilise Common Criteria certification as a determining factor when making purchasing decisions.