Cryptographic Testing
FIPS 140-3 Testing
Consult our experts. We are happy to support you.
FIPS 140-3 – short for the U.S. Federal Information Processing Standard 140-3 – are security requirements for cryptographic modules related to the secure design and implementation of cryptographic modules that provide protection for sensitive or valuable data.
We also offer legacy updates for cryptographic modules previously certified under FIPS 140-2 until September 2026.
What atsec offers:
atsec US provides the following cryptographic module testing services:
- Training for FIPS 140-3 and validation process
- Assessment of your cryptographic module test readiness
- Support for the production of the security policy, finite state mode, and user documentation
- Conformance testing of cryptographic modules, resulting in a certificate issued by the National Institute of Standards and Technology (NIST) and the Canadian Center of Cyber Security (CCCS) Cryptographic Module Validation Program (CMVP)
Authoritative websites:
More information:
Why our services are important to you:
If you plan to sell a product that includes a cryptographic module to a U.S. Federal Government agency that uses cryptographic-based security systems to protect sensitive data in computer or telecommunication systems, FIPS 140-3 certification of that product is mandatory. In addition, FIPS 140-3 certification of cryptographic modules is increasingly valued in other industry sectors (for example, banking) in which the protection of sensitive data by cryptographic-based solutions is critical. atsec is ready to partner with you to help you understand the requirements of the standard, assess your product’s readiness for FIPS 140-3 validation, and perform the conformance testing that will earn certification of your cryptographic product.
Downloads:
Further information for your certification journey.
FIPS 140-2 and FIPS 140-3 certificates earned through atsec testing:
| Vendor / Product | Sec. level / Type | Number / Date |
|---|---|---|
| Oracle Corporation Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module |
1 Software |
 47392024-07-25 |
| Qualcomm Technologies, Inc. Qualcomm® Inline Crypto Engine (UFS) |
1 Hardware |
4738 2024-07-25 |
| F5, Inc. Device Cryptographic Module |
2 Hardware |
4733 2024-07-22 |
| Qualcomm Technologies, Inc. Qualcomm® Pseudo Random Number Generator |
1 Firmware-Hybrid |
4732 2024-07-22 |
| SUSE, LLC SUSE Linux Enterprise NSS Cryptographic Module |
1 Software |
4728 2024-07-16 |
| SUSE, LLC SUSE Linux Enterprise Kernel Crypto API Cryptographic Module |
1 Software |
4727 2024-07-15 |
| SUSE, LLC SUSE Linux Enterprise OpenSSL Cryptographic Module |
1 Software |
4725 2024-07-12 |
| Advanced Micro Devices (AMD) AMD ASP Cryptographic CoProcessor (“Phoenix”) |
1 Firmware-Hybrid |
4723 2024-07-11 |
| SUSE, LLC SUSE Linux Enterprise Libgcrypt Cryptographic Module |
1 Software |
4722 2024-07-11 |
| F5, Inc. Cryptographic Module for BIG-IP® |
1 Software |
4716 2024-07-09 |
| Qualcomm Technologies, Inc. Qualcomm® Crypto Engine Core |
2 Hardware |
 46662023-11-29 |
| Qualcomm Technologies, Inc. Qualcomm® Pseudo Random Number Generator |
1 Hardware |
4655 2023-11-22 |
Introduction to the
CMVP and CAVP
Watch our Introduction to the Cryptographic Module Validation Program and the Cryptographic Algorithm Validation Program video, which will provide you with a head start on understanding the certification process.
Still have questions?
Can’t find what you’re looking for? Let’s talk!
Cryptographic Algorithm Testing
Testing that cryptographic algorithms are implemented correctly is a prerequisite for FIPS 140-3 cryptographic module testing and NIAP Common Criteria evaluations.
Entropy Source Assessment
Documented conformance, where applicable, to the SP 800-90B is required by the CMVP for all FIPS 140-3 module validation submissions.
Common Criteria Evaluation
The Common Criteria (CC), also known as ISO 15408, is an internationally recognized standard used to specify and assess the security of IT products.
The Information Security Provider
Read Our Latest Blog Articles
Learn the latest and greatest about information security. You’ll find insights and analyses of recent developments in technology and policy on our blog.
-
Guiding the Way through the World of Cyber Security
Roughly every five years, we refresh our website with a new appearance. As a precursor to our 25th anniversary in January 2025, we are thrilled to show the world our stylish, modern look. It is atsec’s firm belief that effective security assurance can only truly be accomplished when…
-
First SP800-140Br1 Compliant FIPS 140-3 Certificates
On July 11th, 2024, the first three FIPS 140-3 certificates for NIST’s SP800-140Br1 pilot program were posted on the NIST website. atsec information security was one of the labs that took part in the pilot program. SP 800-140Br1 specifies modifications of the methods to be used by a…
-
atsec has become an official GSMA member
atsec has become an official GSMA member. The GSMA represents the interests of mobile operators worldwide, uniting more than 750 operators with almost 400 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organizations in adjacent…