Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Requirements for Cryptographic Modules [includes Change Notices as of 12/3/2002]

Published

Author(s)

National Institute of Standards and Technology (NIST), Annabelle Lee, Miles E. Smid, Stanley R. Snouffer

Abstract

This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and environments. The areas covered, related to the secure design and implementation of a cryptographic module, include specification; ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks. [Supersedes FIPS 140-1 (January 11, 1994): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917970]
Citation
Federal Inf. Process. Stds. (NIST FIPS) - 140-2
Report Number
140-2

Keywords

computer security, cryptographic module, FIPS 140-2, validation

Citation

(NIST), N. , Lee, A. , Smid, M. and Snouffer, S. (2001), Security Requirements for Cryptographic Modules [includes Change Notices as of 12/3/2002], Federal Inf. Process. Stds. (NIST FIPS), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.FIPS.140-2 (Accessed October 15, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created May 25, 2001, Updated July 25, 2024