FIPS 140-2

The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2), is a U.S. government computer security standard used to approve cryptographic modules.

FIPS 140-2┬ádefines four levels of security, simply named “Level 1” to “Level 4”. It does not specify in detail what level of security is required by any particular application.

FIPS Level
Level 1

FIPS 140-2 Level 1 the lowest, imposes very limited requirements; loosely, all components must be “production-grade” and various egregious kinds of insecurity must be absent.

FIPS Level
Level 2

FIPS 140-2 Level 2 adds requirements for physical tamper-evidence and role-based authentication.

FIPS Level
Level 3

FIPS 140-2 Level 3 adds requirements for physical tamper-resistance (making it difficult for attackers to gain access to sensitive information contained in the module) and identity-based authentication, and for a physical or logical separation between the interfaces by which “critical security parameters” enter and leave the module, and its other interfaces.

FIPS Level
Level 4

FIPS 140-2 Level 4 makes the physical security requirements more stringent, and requires robustness against environmental attacks.