Verified by Priya Mervana, Verified Web Security Expert, SSLInsights.com - Last reviewed: May 2026 | Based on 10+ years of experience across SSL/TLS, cryptographic compliance, and NIST standards.
QUICK DEFINITION
FIPS 140 (Federal Information Processing Standard 140) is a U.S. government security standard published by NIST that defines requirements for cryptographic modules protecting sensitive but unclassified information. FIPS 140-2 is the current widely-validated version, published in 2001; FIPS 140-3 is its 2019 replacement, now the only standard accepted for new module validations since September 2026.
What is the difference between FIPS 140-2 and FIPS 140-3?
FIPS 140-3 replaces FIPS 140-2 as the mandatory U.S. government standard for cryptographic module validation. The key changes are: mandatory side-channel attack testing at all security levels (not just Levels 3–4), removal of "Allowed" algorithms in favor of NIST-Approved algorithms only, enhanced entropy and key generation requirements, tighter physical security controls for Levels 2 and 3, and mandatory vendor support services including vulnerability disclosure. Organizations using FIPS 140-2 validated modules can continue operating them during the transition; all new module procurements after September 2026 must carry FIPS 140-3 validation.
How Do FIPS 140-2 and FIPS 140-3 Compare Side by Side?
The table below summarizes the FIPS 140-2 vs FIPS 140-3 comparison dimensions that matter for procurement and compliance decisions:
| Feature | FIPS 140-2 | FIPS 140-3 |
|---|---|---|
| Published | 2001 | 2019 |
| Status | Retired for new submissions (Sept 2021) | Active - only accepted standard for new validations |
| Cryptographic Algorithms | Approved + Allowed algorithms | Approved algorithms only |
| Side-Channel Testing | Levels 3–4 only | Mandatory at all levels (1–4) |
| Physical Security | Basic tamper-evidence | Enhanced tamper-evidence + identity-based authentication at Levels 2–3 |
| Software/Firmware | Limited vetting | Full component documentation + version control required |
| Entropy Assessment | Basic RNG requirements | Continuous statistical entropy testing required |
| Key Generation | Basic requirements | Derivability + predictability requirements added |
| Vendor Support Services | Not required | Mandatory: vulnerability reporting and patch resolution |
| Existing Module Validity | Valid through transition period | FIPS 140-2 modules remain usable; new acquisitions need 140-3 |
What Is FIPS 140-2?
FIPS 140-2 is the cryptographic module security standard published by NIST in May 2001. For over two decades it served as the baseline certification required for cryptographic products used in U.S. federal government systems and adopted globally by financial institutions, healthcare organizations, and enterprises handling sensitive data.
The standard defines four security levels. A validated module can appear on NIST's Cryptographic Module Validation Program (CMVP) active list - a requirement for modules used in federal procurement and, by extension, many regulated private-sector applications. NIST stopped accepting new FIPS 140-2 validation submissions in September 2021, and existing certificates were placed on the "Historical" list beginning September 2026.
For organizations asking whether FIPS 140-2 is still valid: yes, modules with active or historical FIPS 140-2 certificates can continue to operate in existing deployments. The restriction applies to new acquisitions and new validation submissions.
What Is FIPS 140-3?
FIPS 140-3 is NIST's 2019 update that supersedes FIPS 140-2. It aligns U.S. cryptographic module requirements with the international ISO/IEC 19790:2012 standard, making it the first FIPS 140 version with direct international harmonization. The standard retains the four-level security framework but raises the bar at every level.
The first FIPS 140-3 validation certificates were issued in 2020. As of 2024, CMVP had issued over 500 FIPS 140-3 certificates, with major vendors including Microsoft, AWS, and Thales among early validated providers. Understanding the FIPS 140-3 compliance requirements now is essential for any organization planning hardware security module (HSM) procurement or cryptographic library selection through 2026 and beyond.
What Are the Key Differences Between FIPS 140-2 and FIPS 140-3?
Does FIPS 140-3 change which cryptographic algorithms are accepted?
Yes, and this is one of the most operationally significant new requirements in FIPS 140-3. FIPS 140-2 recognized two categories: Approved algorithms (endorsed by NIST) and Allowed algorithms (not fully endorsed but tolerated in certain contexts, such as Triple-DES and some legacy key agreement schemes).
FIPS 140-3 eliminates the "Allowed" category entirely. Only NIST-Approved algorithms are acceptable. This directly affects modules that relied on Triple-DES, older Diffie-Hellman key agreement parameters, or legacy hash functions - all of which require replacement before a module can achieve FIPS 140-3 validation. For organizations using encryption products that rely on legacy algorithm support, this is the first checkpoint in any upgrade assessment.
How does the FIPS 140-3 side-channel testing requirement change things?
This is the most technically demanding change between the two standards. Side-channel attacks extract secrets not by breaking the algorithm mathematically but by analyzing observable characteristics of a device's operation - power consumption patterns, electromagnetic emissions, timing variations, or acoustic signals.
Under FIPS 140-2, side-channel testing was required only at Security Levels 3 and 4. FIPS 140-3 makes it mandatory at Level 1. This means every cryptographic module - including software-only implementations - must now demonstrate resistance to non-invasive side-channel analysis (specifically, per the ISO/IEC 17825 standard for non-invasive attack mitigation). Vendors that previously achieved Level 1 or Level 2 validation without side-channel testing must add this capability before revalidating.
What are the FIPS 140-3 physical security requirements?
The FIPS 140-3 physical security requirements add two provisions absent in FIPS 140-2 at Levels 2 and 3:
- Identity-based authentication is now required to access interfaces and services, replacing role-based authentication at these levels
- Tamper-evident coatings or seals must provide unambiguous visual indication of tampering - "unambiguous" is a new specification; FIPS 140-2 only required "tamper-evident" without the visibility standard
At Level 4, the existing environmental failure protection requirements are retained with no significant changes.
How do FIPS 140-3 entropy and key generation requirements differ?
The FIPS 140-3 entropy requirements address a weakness in FIPS 140-2's approach to random number generation. FIPS 140-2 required basic validation of RNG mechanisms. FIPS 140-3 requires:
- Continuous entropy health testing during operation (not just at startup)
- Compliance with SP 800-90B for entropy source validation
- Derivability and predictability resistance requirements for keys generated within the module
This is particularly relevant for hardware security modules (HSMs), and for TPM versus HSM comparisons, where key generation security directly determines whether a module qualifies for high-assurance use cases.
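The two continuous health tests that SP 800-90B requires (the Repetition Count Test and the Adaptive Proportion Test), written out as an added example; this is not code from the article or from any validated module. The cutoff formulas follow SP 800-90B section 4.4, the byte streams are constructed, and a claimed min-entropy of 8 bits per sample is assumed for illustration.

```python
import math
import random
# SP 800-90B section 4.4 continuous health tests (RCT and APT), added here as an
# illustration, not code from the article or from any validated module. h_min is the
# vendor's claimed min-entropy per sample; alpha the tolerated false-alarm rate.

def rct_cutoff(h_min, alpha=2.0 ** -20):
    """Repetition Count Test cutoff: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(alpha) / h_min)

def apt_cutoff(h_min, window, alpha=2.0 ** -20):
    """Adaptive Proportion Test cutoff: smallest C with P(Bin(W, 2^-H) <= C) >= 1 - alpha."""
    log_p, log_q = -h_min * math.log(2.0), math.log1p(-(2.0 ** -h_min))
    cdf = 0.0
    for c in range(window + 1):  # binomial pmf summed in log space to avoid overflow
        log_pmf = (math.lgamma(window + 1) - math.lgamma(c + 1) - math.lgamma(window - c + 1)
                   + c * log_p + (window - c) * log_q)
        cdf += math.exp(log_pmf)
        if cdf >= 1.0 - alpha:
            return c
    return window

def repetition_count_test(samples, cutoff):
    """Return the index at which a value has repeated `cutoff` times in a row, or None."""
    prev, run = samples[0], 1
    for i in range(1, len(samples)):
        run = run + 1 if samples[i] == prev else 1
        prev = samples[i]
        if run >= cutoff:
            return i
    return None

def adaptive_proportion_test(samples, cutoff, window):
    """Return the start of the first window whose first value recurs >= cutoff times, or None."""
    for start in range(0, len(samples) - window + 1, window):
        if samples[start:start + window].count(samples[start]) >= cutoff:
            return start
    return None

def run_health_tests(samples, h_min=8.0, window=512):
    """Both tests on one byte stream; a value of None means the test passed."""
    return {"rct": repetition_count_test(samples, rct_cutoff(h_min)),
            "apt": adaptive_proportion_test(samples, apt_cutoff(h_min, window), window)}

# Constructed sample streams (not real noise-source captures), 8-bit samples:
rng = random.Random(1)
HEALTHY = bytes(rng.getrandbits(8) for _ in range(4096))          # well-behaved source
STUCK = bytes([0x41] * 40) + HEALTHY[40:]                         # stuck-at fault at power-up
BIASED = bytes(0 if i % 5 == 0 else rng.getrandbits(8) for i in range(4096))  # periodic bias
```

The stuck stream trips both tests while the periodically biased stream trips only the APT, which is why SP 800-90B requires both to run continuously rather than only at startup.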
What vendor support services does FIPS 140-3 require?
FIPS 140-2 had no mandatory post-validation support obligations. FIPS 140-3 introduces formal support service requirements: vendors must maintain vulnerability reporting channels and commit to defined resolution processes for security issues discovered in validated modules. This shifts cryptographic module compliance from a point-in-time certification to a continuous operational obligation - a significant procurement consideration.
What Are the Four FIPS 140 Security Levels?
Understanding the four FIPS 140 security levels is essential before selecting any validated product. Each level encapsulates all requirements of the levels below it.
- Level 1 - Minimum security: approved algorithms, basic software security, and no physical security requirements. Suitable for low-risk software applications. Now requires side-channel testing under FIPS 140-3.
- Level 2 - Adds tamper-evidence (seals, coatings, pick-resistant locks) and role-based authentication. Under FIPS 140-3, identity-based authentication is required at this level. Appropriate for most enterprise deployments.
- Level 3 - Requires tamper-detection and response (module zeroes CSPs on tamper detection), identity-based authentication, and physical/logical separation between interfaces. This is the critical dividing line between Level 2 and Level 3 for high-security HSM deployments.
- Level 4 - Maximum assurance: full environmental failure protection (voltage, temperature), formal security policy modeling, and complete physical envelope protection. Reserved for the most sensitive government and defense applications.
Which FIPS 140 level is appropriate for financial applications?
Level 2 is the broadly accepted minimum for payment systems and financial institutions. Organizations processing high-value transactions or operating in regulated environments (PCI-DSS, SOX) typically target Level 2 or Level 3 for HSMs protecting private keys.
What Is the FIPS 140-2 to FIPS 140-3 Transition Timeline?
The FIPS 140-3 transition deadline history, in plain terms:
- September 2021: NIST stopped accepting new FIPS 140-2 validation submissions
- 2020–2024: FIPS 140-3 certificates issued alongside active FIPS 140-2 certificates
- September 2026: FIPS 140-2 certificates moved to NIST's "Historical" list - still usable in existing deployments, but no longer recognized as "active" for new procurement specifications
Is FIPS 140-2 still valid for existing systems?
Yes - the CMVP explicitly allows continued use of historically-listed modules in existing deployments. The restriction is on new acquisitions. Federal agency contracts issued after September 2026 must specify FIPS 140-3 validated products for new cryptographic module procurement.
How long does FIPS 140-3 validation take?
Based on CMVP historical processing times, vendor testing and lab review typically range from 12 to 24 months from submission to certificate issuance. Organizations planning 2026–2027 procurement cycles should initiate vendor validation conversations now.
What Are the Impacts of FIPS 140-3 on Different Stakeholders?
For Vendors: Do I need to revalidate for FIPS 140-3?
Yes, for any module submitted after September 2021. Vendors must redesign products to meet side-channel testing requirements, eliminate Allowed algorithms, document all software/firmware components, and establish vulnerability management processes. The development and testing cost for a new FIPS 140-3 validation typically runs higher than a previous 140-2 re-validation due to the side-channel testing addition.
For Cryptographic Module Users
Existing validated deployments can continue operating. Do I need to revalidate for FIPS 140-3 if I'm already using a validated module? No - not for existing systems. Procurement teams must update RFP language to require FIPS 140-3 for all new purchases. Budgeting for replacement of modules using legacy Allowed algorithms (Triple-DES, older EC parameters) should be factored into 2025–2027 security roadmaps.
For Auditors and Assessors
Familiarity with the ISO/IEC 19790:2012 framework is now essential, as FIPS 140-3 testing procedures reference it directly. Side-channel analysis review, entropy assessment documentation, and software/firmware component vetting are new areas requiring competency. Understanding certificate authority validation processes alongside CMVP validation helps contextualize the verification chain for clients.
For Government Agencies
The effective FIPS 140-2 retirement date for procurement purposes is September 2026 for new acquisitions. Agencies with legacy systems using FIPS 140-2 modules may continue using them under existing authorizations. New system authorizations and authority-to-operate (ATO) processes should require FIPS 140-3 validation in all RFP and contract language.

Priya Mervana
SSL Security Researcher, SSLInsights.com
"The shift from FIPS 140-2 to FIPS 140-3 isn't just a paperwork update - the mandatory side-channel testing at Level 1 is a genuine technical hurdle that caught many software-only cryptographic library vendors off-guard. In my work reviewing compliance roadmaps for organizations running CMVP-validated modules, the most common gap I see is procurement teams writing FIPS 140-2 requirements into RFPs in 2025, unaware that any new module acquired under those specs will immediately be on the historical list. Get your vendor list updated before the next procurement cycle."
PRACTITIONER'S NOTE
The single most avoidable compliance failure I see is organizations discovering mid-procurement that their shortlisted module only holds a FIPS 140-2 historical certificate. Always verify current validation status directly on the NIST CMVP active list at csrc.nist.gov/projects/cryptographic-module-validation-program before finalizing any vendor selection. The active list is updated frequently, and a module advertised as "FIPS 140-3 pending" is not the same as validated. For organizations in the U.S. federal supply chain, requiring the certificate number in the RFP response eliminates ambiguity entirely. One other practical note: if your vendor cannot confirm which cryptographic algorithms their module uses internally, that is a red flag regardless of which standard version they claim - demand the Security Policy document that accompanies every CMVP certificate.
– Priya Mervana | Verified Web Security Expert, SSLInsights.com
Frequently Asked Questions About FIPS 140-2 vs FIPS 140-3
What is the difference between FIPS 140-2 and FIPS 140-3?
FIPS 140-3 is NIST's 2019 replacement for FIPS 140-2, the 2001 cryptographic module standard. The primary differences are: mandatory side-channel testing at all security levels (FIPS 140-2 required it only at Levels 3–4), elimination of "Allowed" algorithms in favor of Approved-only, enhanced entropy testing requirements per SP 800-90B, stronger physical security at Levels 2–3 with identity-based authentication, and mandatory vendor vulnerability management. FIPS 140-3 also aligns with ISO/IEC 19790:2012, giving it international recognition that FIPS 140-2 lacked.
Is FIPS 140-2 still valid after the transition?
Yes, with an important distinction. Existing deployments using FIPS 140-2 validated modules can continue operating - NIST does not require organizations to immediately replace compliant systems. However, FIPS 140-2 certificates moved to the NIST "Historical" list in September 2026, meaning new acquisitions and new system builds must specify FIPS 140-3 validated products.
When is the FIPS 140-3 transition deadline?
NIST stopped accepting new FIPS 140-2 submissions in September 2021. FIPS 140-2 certificates were formally moved to the historical list in September 2026. Organizations should treat September 2026 as the effective compliance deadline for updating procurement specifications to require FIPS 140-3 validation.
Do I need to revalidate my current FIPS 140-2 modules for FIPS 140-3?
No, existing validated modules do not require immediate revalidation for ongoing use. Revalidation to FIPS 140-3 is required when: (a) a vendor makes changes to a previously validated module, (b) an organization is procuring new modules, or (c) a new system ATO process specifies FIPS 140-3. Plan revalidation into hardware and software refresh cycles, not as an emergency response.
How long does FIPS 140-3 validation take?
Based on CMVP processing history, the full validation cycle - vendor development, accredited lab testing, NIST review, and certificate issuance - typically runs 12 to 24 months. Complex hardware modules with side-channel testing requirements often fall at the longer end. Organizations should initiate vendor validation inquiries 18–24 months ahead of procurement targets.
Which FIPS 140 security level is right for financial applications?
FIPS 140 Level 2 is the accepted minimum for financial applications including payment systems, banking HSMs, and applications subject to PCI-DSS. Level 3 is commonly specified for HSMs that protect private keys for certificate authorities or high-value transaction signing. Level 4 is rare outside defense and intelligence applications. The SSL certificate and key management infrastructure supporting financial systems typically targets Level 2 or Level 3.

Priya Mervana
Verified Web Security Experts
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.