FIPS 140-2

FIPS 140-2 is the most commonly referenced cryptography standard published by NIST.  “FIPS 140-2 cryptography” is a phrase used to indicate that NIST has tested a particular cryptography implementation and found that it meets FIPS 140-2 requirements. Among other things, FIPS 140-2 specifies which encryption algorithms (AES and Triple DES), minimum bit lengths, hash algorithms[..]

FIPS 140-3

FIPS 140-3 will soon replace FIPS 140-2 as the standard NIST uses to validate cryptographic libraries. The standard is still in draft status, but could be issued in 2011. FIPS 140-2 has four levels of security: most cryptographic software uses “Level 1” and most cryptographic hardware uses “Level 3”.  FIPS 140-3 expands that to five[..]

FIPS Compliant

“FIPS compliant” is a slippery phrase that often indicates that the cryptography used in a particular solution implements some or all the algorithms specified in FIPS 140-2 (e.g., AES) but that the underlying cryptography component has not been validated by NIST laboratories. “FIPS validated” is much stronger statement.

FIPS Validated

“FIPS validated” is a label that indicates that the cryptography used in a particular solution implements some or all the algorithms specified in FIPS 140-2 (e.g., AES) and that the underlying cryptography component has been validated by NIST laboratories.  See “FIPS compliant” for a weaker statement.