The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2), is a U.S. government computer security standard used to approve cryptographic modules.
FIPS 140-2 defines four levels of security, simply named “Level 1” to “Level 4”. It does not specify in detail what level of security is required by any particular application.
FIPS 140-2 Level 1 the lowest, imposes very limited requirements; loosely, all components must be “production-grade” and various egregious kinds of insecurity must be absent.
FIPS 140-2 Level 2 adds requirements for physical tamper-evidence and role-based authentication.
FIPS 140-2 Level 3 adds requirements for physical tamper-resistance (making it difficult for attackers to gain access to sensitive information contained in the module) and identity-based authentication, and for a physical or logical separation between the interfaces by which “critical security parameters” enter and leave the module, and its other interfaces.
FIPS 140-2 Level 4 makes the physical security requirements more stringent, and requires robustness against environmental attacks.