FIPS 140-2 Certification

nCipher Security helps you meet your needs for data security compliance with FIPS 140-2 certified products.

Americas Map

Certification

Active now

FIPS 140-2

The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2), commonly referred as FIPS 140-2, is a US government computer security standard used to validate cryptographic modules. FIPS 140-2 was created by the NIST and, per the FISMA, is mandatory for US and Canadian government procurements. Many global organizations are also mandated to meet this standard. FIPS 140-2 compliance has been widely adopted around the world in both governmental and non-governmental sectors as a practical security benchmark and realistic best practice.

nCipher delivers security products that have been tested and validated against the rigorous FIPS 140-2 encryption compliance standard. nCipher FIPS 140-2 compliant products help you comply with regulations while also giving you the confidence you need in your cryptographic tools.

Security Standard

According to FIPS Publication 140-2:

“[It] provides a standard that will be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module.

… The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.”

Certification Authorities

The US NIST (National Institute of Standards and Technology) and Canadian CSE (Communications Security Establishment) jointly participate as certification authorities in the CMVP (Cryptographic Module Validation Program) to provide validation of cryptographic modules to the FIPS 140-2 standard.

For more information, click here.

nCipher Support for FIPS 140-2 Security Standard

The nShield family of hardware security modules (HSMs) conform to the FIPS 140-2 security standard. nShield HSMs, available in FIPS 140-2 Level 1, 2 and 3 models, provide secure solutions for generating encryption and signing keys, creating digital signatures, encrypting data and more in a variety of environments.

Please find a summary of nShield HSM FIPS 140-2 and other certifications here.

Brochures : nShield family brochure

nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more.

Download

Data Sheet : nShield Connect HSMs

nShield Connect HSMs are certified, networked appliances that deliver cryptographic key services to applications distributed across servers and virtual machines.

Download

Data Sheet : nShield Solo HSMs

nShield Solo HSMs are certified PCI-e card-based solutions that deliver cryptographic key services to applications hosted on individual servers and appliances.

Download

Data Sheet : nShield Edge HSMs

nShield Edge HSMs are USB-connected desktop devices that provide convenience and economy for environments requiring low-volume cryptographic key services.

Download

Other key data protection and security regulations

eIDAS

eIDAS

Regulation

Active Now

The eIDAS regulation has been developed to establish a single European market for secure electric commerce, impacting any organisation that handles online transactions with European citizens.

Learn More

Common Criteria

Common Criteria

Common Criteria is an international standard for computer security certification. It provides assurance that IT security products have been evaluated in a rigorous manner and at a level commensurate with the target environment for use.

Learn More
Contact a Compliance Specialist Contact Us
Want to be part of our team? Explore
Get in contact with a specialist Contact Us