The IT Law Wiki


NIST, Security Requirements for Cryptographic Modules (FIPS 140-2) (May 25, 2001) (full-text).


FIPS 140-2 specifies the security requirements for a cryptographic module used within a security system protecting sensitive information in computer and telecommunication systems (including voice systems) and provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. Agencies are required to encrypt agency data, where appropriate, using NIST-validated cryptographic modules as specified in FIPS 140-2.

This standard is used to ensure encryption technologies used by the U.S. Government meet minimally acceptable requirements and can demonstrate an acceptable level of conformance to the standard that is commensurate with the risk the U.S. Government finds acceptable when using encryption technologies to protect U.S. Government information and information systems.