Security Requirements for Cryptographic Modules [includes Change Notices as of 12/3/2002]

Published: May 25, 2001


Annabelle Lee, Miles E. Smid, Stanley R. Snouffer


This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and environments. The areas covered, related to the secure design and implementation of a cryptographic module, include specification; ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks. [Supersedes FIPS 140-1 (January 11, 1994):]
Citation: Federal Inf. Process. Stds. (NIST FIPS) - 140-2
Report Number:
Pub Type: NIST Pubs

Download Paper


computer security, cryptographic module, FIPS 140-2, validation
Created May 25, 2001, Updated March 06, 2017