← Frameworks / Cryptographic Standard

FIPS 140-3 Security Requirements for Cryptographic Modules

Federal standard for cryptographic module validation derived from ISO/IEC 19790:2012. Defines four increasing security levels covering cryptographic module specification, interfaces, roles and authentication, software/firmware security, operational environment, physical security, non-invasive attack resistance, sensitive security parameter management, self-tests, and life-cycle assurance. Validated through the NIST Cryptographic Module Validation Program (CMVP) with NVLAP-accredited testing laboratories.

Clauses: 11

Avg Coverage: 70.9%

Publisher: NIST / CMVP Version: 2019

FIPS 140-3 → SP 800-53 SP 800-53 → FIPS 140-3 Coverage Analysis

Clause	Title	SP 800-53 Controls
FIPS 140-3 §7.2	Cryptographic Module Specification	SC-13 SA-04 SA-08 SA-17 CM-06
FIPS 140-3 §7.3	Cryptographic Module Interfaces	SC-13 AC-04 SC-07 SC-03
FIPS 140-3 §7.4	Roles, Services, and Authentication	AC-02 AC-05 AC-06 IA-02 IA-05 IA-07 AC-07
FIPS 140-3 §7.5	Software/Firmware Security	SI-07 CM-14 SA-10 SA-11 SC-34
FIPS 140-3 §7.6	Operational Environment	CM-06 CM-07 SC-39 SI-03 CM-02
FIPS 140-3 §7.7	Physical Security	PE-03 PE-04 PE-05 PE-06 PE-19 PE-20
FIPS 140-3 §7.8	Non-Invasive Security	PE-19 RA-03 SC-28
FIPS 140-3 §7.9	Sensitive Security Parameter Management	SC-12 SC-13 SC-17 SC-28 IA-05 MP-06
FIPS 140-3 §7.10	Self-Tests	SI-06 SI-07 CA-08
FIPS 140-3 §7.11	Life-Cycle Assurance	SA-03 SA-10 SA-11 SA-15 CM-03 CM-05 SA-04
FIPS 140-3 §7.12	Mitigation of Other Attacks	RA-03 RA-05 SI-02 RA-07 SA-11