• FIPS Evaluations

    Download FIPS 140-3 Brochure
Data security is crucial in today's interconnected world
Without proper protection, sensitive information on your systems is vulnerable to cyberattacks. U.S. Federal Information Processing Standards (FIPS) 140-3 provides a standardized set of security requirements for cryptographic modules. It can be applied across multiple industries to enhance the protection of sensitive information in computer and telecommunication systems. Validation to the standard provides assurance that products are secure, trustworthy and meet industry and government requirements.

SGS Brightsight offers comprehensive solutions to help you successfully access target markets in the United States with security compliant products, enabling risk mitigation and market differentiation.

FIPS 140-3
Developed by the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), FIPS 140-3 supersedes FIPS 140-2 and became effective on September 2019. It is based directly upon International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790 and ISO/IEC 24759.
Security requirements for cryptographic modules
The requirements defined in FIPS 140-3 and associated guidance are applicable to cryptographic modules that are used to protect data in any security system. It provides four increasing, qualitative levels of security (Level 1 to Level 4) and can be used in a wide variety of applications and environments where cryptographic modules are deployed. 
CMVP & NVLAP Programs
The Cryptographic Module Validation Program (CMVP) is a joint effort between NIST and CCCS and is responsible for validating cryptographic modules to FIPS 140-3. Compliance to the CMVP requires validation by a Cryptographic and Security Testing (CST) laboratory accredited under the National Voluntary Laboratory Accreditation Program (NVLAP). 
Our Services
As an NVLAP accredited CST, we offer comprehensive cryptographic module conformance testing and evaluation services for all aspects of FIPS 140-3. Our scope encompasses the full range of consultancy, assessment and monitoring solutions for pre-evaluation, security evaluation and post-evaluation.
SGS Brightsight FIPS Services
Why SGS Brightsight?
With over 35 years of experience in cybersecurity and a growing global network of specialist testing facilities, SGS Brightsight is the world’s number one security evaluation service provider with over 700 security evaluations completed every year. With specialists in all market segments, including payment, medical, automotive, industrial and consumer IoT, we understand the technical requirements relevant to your cryptographic module and we have the capabilities in place to help you deliver cybersecure products.

Our experts support the streamlining of evaluation criteria into a single assessment process that incorporates all relevant global, regional and vendor requirements. SGS Brightsight is your first choice for independent testing and developer support services when you want to efficiently deliver secure and compliant cryptographic modules.