FIPS 140-3 Certification | DEKRA
FIPS 140-3 Certification

Get the Most Recognized Cybersecurity Validation for Cryptographic Modules

HomepageBusiness CustomersAll ServicesDigital & Product SolutionsCybersecurity ServicesICT CybersecurityFIPS 140-3

FIPS 140-3 Certification

What is FIPS 140-3?

Federal Information Processing Standard or FIPS 140-3 Certification is the standard for validating the effectiveness of cryptographic modules.
Although FIPS 140-3 is a U.S./Canadian Federal standard, FIPS 140-3 compliance has been widely adopted around the world in both governmental and non-governmental sectors as a practical security benchmark and realistic best practice.
FIPS 140-3 is based on ISO/IEC 19790, an international standard. Several countries also issue certificates according to ISO/IEC 19790.
Organizations use the FIPS 140-3 standard to ensure that the hardware, software or firmware they select meets specific security functional requirements and approved algorithms.

DEKRA, Certified Body for ISO/IEC 19790 Certification

At DEKRA we are pioneering in the creation of an ISO/IEC 19790 private scheme for cryptographic module certification.This scheme is supported by our Conformity Assessment Body, which holds an accredited ISO/IEC 17065 Certification Body and an accredited ISO/IEC 17025 Laboratory.
This certification provides a foundational framework that simplyfies the path to FIPS 140-3, by making it easier to submit the required documentation and demonstrate compliance with most FIPS 140-3 security requirements.

FIPS 140-3 Certification Security Levels

The FIPS 140-3 certification standard defines four increasing, qualitative levels of security:
  • Level 1: Validation of at least one approved algorithm or security function. Requires explicit or implicit authentication, production-grade components and functional testing.
  • Level 2: Requires role-based authentication and physical security requirements for tamper evidence.
  • Level 3: Requires identity-based authentication.
  • Adds requirements for physical tamper-resistance and environ-mental conditions for temperature and voltage. Trusted channel for the transmission of unprotected key material.
  • Level 4: Requires multifactor-based authentication. Adds requirements for tamper detection and response envelope, EFP and fault injection mitigation.
Additional validation programs:
Cryptographic Algorithm Validation Program (CAVP)
provides validation testing of Approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components. Cryptographic algorithm validation is a prerequisite for cryptographic module validation.

What is tested in FIPS 140-3?

Each one of the FIPS 140-3 levels focuses on eleven functional areas of product security related to secure design and implementation.
At each level, greater amount of evidence and engineering is required from the product manufacturer in order to show compliance with the standard.
The functional areas that must be addressed are:
  • Cryptographic module specification
  • Cryptographic module interfaces
  • Roles, services, and authentication
  • Software/Firmware security
  • Operational environment
  • Physical security
  • Non-invasive security
  • Sensitive security parameter management
  • Self-tests
  • Life-cycle assurance
  • Mitigation of other attacks

Certifying your Cryptographic Module with DEKRA

We understand that achieving FIPS 140-3 Certification represents a significant investment by our customers.
We help our clients to gain a FIPS 140-3 certificate as quickly as possible (on time and on budget). Our validation procedures are fully optimized to minimize the impact on our customers’ resources. We conduct a fast and smooth testing process.

Our Services

  • Pre-assessment
  • CAVP certification
  • ESV certification
  • CMVP certification (FIPS 140-3 and FIPS 140-2 cert maintenance)
  • FIPS 140-3/CAVP/ESV training
  • Compliance letters

Why DEKRA

At DEKRA we are committed to supporting our customers with their FIPS 140-3 and ISO 19790 certification needs. We understand the pressures of validating a product or implementation against demanding technical requirements with stringent time constraints, so we stand by our customers by providing timely and professional support. Our goal is to complete the lab work efficiently and within the committed time at a reasonable price.
Related Services

Common Criteria ISO/IEC 15408

Common Criteria is a Certification Framework to evaluate and certify cybersecurity requirements in IT products.
Details

Cloud Application Security Assessment

Ensure your data security with CASA, preventing threats and increasing consumer trust.
Details

ISO/IEC 19790

DEKRA's private certification scheme provides a framework for certifying cryptographic modules, offering transparency to users and stakeholders.
Details

EUCC Scheme

EUCC services, based on Common Criteria (ISO/IEC 15408), ensure ICT products meet EU cybersecurity requirements.
Details

eIDAS 2.0

We help trust service providers and organizations comply with eIDAS 2.0 Regulation through expert audit services that strengthen digital identity security.
Details

LINCE-Certification

Qualify your ICT products with LINCE certification for inclusion in the Spanish CPSTIC product catalogue and comply with national IT security requirements.
Details

Cybersecurity Testing & Certification

Cybersecurity Evaluations and Certifications for a Safe, Secure and Reliable Future.
Details
Contact
Share page :