• What is FIPS 140-2?

    Back to GlossaryBack to Glossary
    What does it mean to be FIPS 140-2 Certified/Validated?

    To be FIPS 140-2 certified or validated, the software (and hardware) must be independently validated by one of 13 NIST specified laboratories, this process can take weeks. The FIPS 140-2 validation process examines the cryptographic modules. Level 1 examines the algorithms used in the cryptographic component of the software. Levels 2-4 build on the software component by adding different layers of physical security. The YubiKey FIPS Series meets Level 3 requirements (AAL3) which means that the code is within a tamper-proof container so that keys used in the cryptography are destroyed if the device is physically compromised.

    Why is the FIPS standard important?

    The government benchmark for security is FIPS 140-2. Being FIPS 140-2 certified tells users that a certain product has passed the rigorous testing and validations that go into securing some of the nation’s most sensitive information. Originally adopted in the US, FIPS is also making its way to other countries as well like Canada and Japan.

    Other than government do any other industries use FIPS 140-2?

    Healthcare, protected health information (PHI) for patients deserves the highest level of data privacy

    Financial services, in order to meet compliance regulations and security audits, strong MFA of users is needed to secure data.

    Manufacturing, there are some government regulations regarding data that manufacturing industries to be sensitive too

    Learn More

    Developer Resources