FIPS 140

The Federal Information Processing Standard 140 is a series of standards concerning cryptographic modules, both in hardware and software. The current version is FIPS 140-2, but a third is in development.

The latest version can be found on the NIST website

It defines a number of levels of security, that a certain module can be certified for, in short:

• Level 1: This is the lowest level. A security level 1 cryptographic module does not have to have physical protection, and only need to incorporate one approved algorithm or function.
• Level 2: Security level 2 requires tamper evidence to be added to the module, as well as role-based authentication.
• Level 3: In addition to tamper evidence, for security level 3, a module must also provide tamper resistance. This level also requires identity-based authentication.
• Level 4: This is the highest level specified by FIPS 140. This level requires complete protection around the cryptographic module, detecting and responding to all unauthorized attempts at physical access, as well as environmental anomalies (power fluctuations, extreme temperatures).