The most widely recognized security validation for Cryptographic Modules
FIPS 140-3/ ISO 19790
What is FIPS 140-3?
How does it work?
- Level 1: Validation of at least one approved algorithm or security function. Requires explicit or implicit authentication, production-grade components and functional testing.
- Level 2: Requires role-based authentication and physical security requirements for tamper evidence.
- Level 3: Requires identity-based authentication.
- Adds requirements for physical tamper-resistance and environ-mental conditions for temperature and voltage. Trusted channel for the transmission of unprotected key material.
- Level 4: Requires multifactor-based authentication. Adds requirements for tamper detection and response envelope, EFP and fault injection mitigation.
What is tested in FIPS 140-3?
- Cryptographic module specification
- Cryptographic module interfaces
- Roles, services, and authentication
- Software/Firmware security
- Operational environment
- Physical security
- Non-invasive security
- Sensitive security parameter management
- Life-cycle assurance
- Mitigation of other attacks
Certifying your Cryptographic Module with DEKRA
- CAVP certification
- ESV certification
- CMVP certification (FIPS 140-3 and FIPS 140-2 cert maintenance)
- FIPS 140-3/CAVP/ESV training
- Consultancy services
- Compliance letters