FIPS 140-3 Certification

FIPS 140

FIPS 140 standards are a set of security requirements for cryptographic modules defined by the National Institute of Standards and Technology (NIST)¹ and managed by both the United States and Canada, as part of the Cryptographic Module Validation Program (CMVP)². FIPS 140-validated modules are mandatory for protecting cryptographic keys and performing cryptographic operations for many government applications. It has become the de facto standard in many other countries and in the private sector, particularly in the financial and payment industries, as FIPS 140 validated HSMs provide confidence and trust when securing cryptographic infrastructures.

FIPS 140-2 is the current version and has been in force since May 2001. It defines a total of 4 security levels and 11 areas of cryptographic product design and implementation. These include key management; interfaces; roles; services and authentication; and operating systems. More information about FIPS 140-2 can be found in the Landing Securely on Regulatory Compliance with Thales Luna HSMs blog post.

FIPS 140-3

FIPS 140-3 will supersede FIPS 140-2 and is based on existing international standards with some modifications:

• ISO/IEC 19790:2012

  Security Requirements for Cryptographic Modules

  ISO/IEC 19790:2012³ lists the security requirements for a cryptographic module utilized within a security system protecting sensitive information in computer and telecommunication systems. This International Standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity (e.g. low value administrative data, million dollar funds transfers, life protecting data, personal identity information, and sensitive information used by government) and a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location).

• ISO/IEC 24759:2017

  Test Requirements for Cryptographic Modules

  ISO/IEC 24759:2017⁴ specifies the methods to be used by accredited laboratories to test whether the cryptographic module conforms to the requirements specified in ISO/IEC 19790:2012. The methods are developed to provide a high degree of objectivity during the testing process and to ensure consistency across the testing laboratories.

The difference between FIPS 140-2 and FIPS 140-3

FIPS 140-3 special publications⁵ include information on a variety of requirements including: derived tests; documentation; security policies; security functions; security parameters; authentication; and non-invasive attack mitigation. Many of these changes are still not finalized, but some of the more interesting changes include:

• Stricter integrity test requirements:
  • Level 2 modules must provide software/firmware integrity testing using digital signatures or HMAC (hash-based message authentication code)
  • Level 3 and Level 4 modules must provide integrity using digital signatures only
• New required service -- to output the module name/identifier and version that can be mapped to validation records/certificates
• Key zeroization is required -- for ALL unprotected “Sensitive Security Parameters” (SSP) at all levels, including public keys:
  • Level 2+ require a status indicator when the zeroization process is completed
  • Zeroization of unprotected SSPs can still be done procedurally at Level 1 only
• Roles, services and authentication – must be met by a cryptographic module’s implementation (not through policy, rules, etc.), for example password size restrictions
• Non-invasive security – is required for hardware and firmware components of a module, optional for software modules operating in a modifiable operating environment, and the module must protect against a list of non-invasive attacks
• Lifecycle assurance -- vendor testing -- vendors need to perform their own testing on a module, in additional to the validation lab testing
• Operational environment -- software modules no longer need to operate in a Common Criteria (CC) evaluated OS or ‘trusted operating system’ in order to meet Level 2 requirements, however, these Level 2 modifiable operational environments require an audit mechanism

Important milestones

• March 22, 2019 – the Secretary of Commerce approved FIPS 140-3 Security Requirements for Cryptographic Modules
• September 22, 2019 -- FIPS 140-3 became effective
• September 22, 2020 -- FIPS 140-3 testing begins through the CMVP
• September 22, 2021 – only FIPS 140-3 submissions accepted

Transitioning to FIPS 140-3

FIPS 140-2 will be around for a while. Modules can still be submitted and validated to FIPS 140-2 until September 22, 2021. Existing FIPS 140-2 certificates will not be revoked as part of the transition. In fact, FIPS 140-2-certified modules will be valid for a further five years until September 2026.

CMVP will start accepting FIPS 140-3 submissions only on September 22, 2020. After September 22, 2021, only FIPS 140-3 submissions will be accepted.

¹https://csrc.nist.gov/publications/detail/fips/140/2/final

²https://csrc.nist.gov/projects/cryptographic-module-validation-program

³https://www.iso.org/standard/52906.html

⁴https://www.iso.org/standard/72515.html

⁵https://csrc.nist.gov/projects/fips-140-3-transition-effort/transition-to-fips-140-3

FIPS compliance is critical to working in any regulated industry that stores or collects sensitive information. Thales realizes its importance and has been actively involved in forums and working groups to help define FIPS 140-3, such as the Cryptographic Module User Forum (CMUF) – a group established between labs, vendors and CMVP to help identify improvements for CMVP, and develop documents and map Detailed Test Requirements to ISO 24759.

What’s next?

For the time being there are no actions required on your part. All Thales Luna HSMs are FIPS 140-2 Level 3-validated, offering high assurance encryption key and digital identity protection in tamper-evident hardware roots of trust. Thales will continue working towards FIPS 140-3 validation and enable its customers and partners to benefit from the validation. As in past, early FIPS 140-3 adopters are expected to face challenges in testing and implementation, but we are committed to help clarify and demystify FIPS 140-3. Once the Luna HSMs have been validated to the new standard, we will ensure an easy migration.

Thales can help

Compliance and certifications have always formed a critical part of the Thales product offering. Thales Luna HSMs are validated not only to FIPS 140, but also Common Criteria (CC), Electronic Identification, Authentication and Trust Services (eIDAS), Singapore National Information Technology Security Evaluation Scheme (NITES), Brazil ITI, and more.

Contact us to discuss how Thales can support your migration to new FIPS 140-3-validated products and watch for more blogs and information as FIPS 140-3 milestones are met.