FIPS 140 (Federal Information Processing Standards Publication 140) is a United States federal standard that specifies security requirements for cryptography modules. As of March 2005, the current version of the standard is FIPS 140-2, issued on 25 May 2001.

Purpose of FIPS 140

To lay down requirements for "cryptographic modules" (meaning both hardware and software components) used by departments and agencies of the United States federal government. FIPS 140 does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure. The requirements cover not only the cryptographic modules themselves but also their documentation and (at the highest security level) some aspects of the comments contained in the source code.

Security levels

FIPS 140 defines four levels of security, simply named "Level 1" to "Level 4". It does not specify in detail what level of security is required by any particular application.

• Level 1, the lowest, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
• Level 2 adds requirements for physical tamper-evidence and role-based authentication.
• Level 3 adds requirements for physical tamper-resistance (making it difficult for attackers to gain access to sensitive information contained in the module) and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces.
• Level 4 makes the physical security requirements more stringent, and requires robustness against environmental attacks.

Scope of requirements

FIPS 140 imposes requirements in 11 different areas:

• Cryptographic module specification (what must be documented)
• Cryptographic module parts and interfaces (what information flows in and out, and how it must be segregated)
• Roles, services and authentication (who can do what with the module, and how this is checked)
• Finite state model (documentation of the high-level states the module can be in, and how transitions occur)
• Physical security (tamper evidence and resistance, and robustness against extreme environmental conditions)
• Operational environment (what sort of operating system the module uses and is used by)
• Cryptographic key management (generation, entry, output, storage and destruction of keys)
• EMI/EMC
• Self-tests (what must be tested and when, and what must be done if a test fails)
• Design assurance (what documentation must be provided to demonstrate that the module has been well designed and implemented)
• Mitigation of other attacks (if a module is designed to mitigate against, say, TEMPEST attacks then its documentation must say how)

Brief history

FIPS 140-1, issued on 11 January 1994, was developed by a government and industry working group, composed of vendors and users of cryptographic equipment. The group identified the four "security levels" and eleven "requirement areas" listed above, and specified requirements for each area at each level.

FIPS 140-2, issued on 25 May 2001, takes account of changes in available technology and official standards since 1994, and of comments received from the vendor, tester, and user communities.

External links

• Full text of FIPS 140-2
• General information about Federal Information Processing Standards; includes pointers to FIPS 140-2 and its annexes