Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Use of FIPS 140-3 or FIPS 140-2 Logo and Phrases

What are the official FIPS 140-3 validated product logos?

FIPS 140-3 validated product logo image in black and white or FIPS 140-3 validated product logo image in color

For validated products, the logo must be accompanied by the "FIPS 140-3 Validated" and the certificate number. If a product has a FIPS 140-3 module internal to the product, "FIPS 140-3 Inside" and the certificate number must also accompany the logo. The FIPS 140-3 logo is a Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments.

What are the guidelines for the use of the FIPS 140-3 logo? 

Both phrases "FIPS 140-3 Validated" and "FIPS 140-3 Inside" when used with the FIPS 140-3 logo are intended for use in association with cryptographic modules validated by the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS) as complying with the FIPS 140-3, Security Requirements for Cryptographic Modules. The FIPS 140-3 logo is a Certification Mark of NIST, which retains exclusive rights to their use. 

Vendors of validated cryptographic modules or vendors integrating a validated cryptographic module into a product may use the phrase and logo in accordance with the following:

  1. Permission for advertising FIPS 140-3 validation and use of the logo is conditional on and limited to those cryptographic modules validated by NIST and CCCS as complying with the FIPS 140-3 only.  A cryptographic module may either be a component of a product, or a standalone product.
     
  2. Use of the FIPS 140-3 Logo on product reports, letterhead, brochures, marketing material, and product packaging shall be accompanied by the following:

The phrase “FIPS 140-3 validated, Certificate # [INSERT CERTIFICATE  #]" if the cryptographic module is a product.

The phrase “FIPS 140-3 Inside [INSERT CERTIFICATE #]” if the product contains a FIPS 140-3 validated module. 

Use of the phrase and logo as specified above pertains only to an active or historical FIPS 140-3 validation that is listed on the CMVP Validated Modules webpage.

NIST reserves the right to control the quality of the use of the phrases "FIPS 140-3 validated" and "FIPS 140-3 Inside" as well as the logo.  Permission for the use of the phrases and of the respective logo may be revoked at the discretion of NIST.  FIPS 140-3 validation in no way constitutes or implies product endorsement by NIST or CCCS.

How can electronic images of the logos be obtained from NIST?

Electronic copies of the logo are available for FIPS 140-3 validated modules from NIST. The FIPS 140-3 Logo Form must be completed and returned to NIST. Multiple certificate numbers may be included on a single form. Each request only applies to the certificates listed on the form. If a product vendor includes a validated module within one or more of their products, only one form needs to be submitted by that vendor. Each vendor must return a completed form.

What process does the CMVP follow if informed by 3rd parties regarding the unapproved use of the trademarked logo or use of an unapproved logo?

The CMVP will review the information provided and contact the parties that may be using the NIST Certificate Mark without consent. If consent was not given, the CMVP will ask that the use of the Certification Mark be discontinued. If not, the CMVP will pass the information to the NIST legal counsel for resolution and follow up.

If you have any questions, please contact cmvp@nist.gov.

What are the official FIPS 140-2 validated product logos?

FIPS 140-2 validated product logo image in black and white or FIPS 140-2 validated product logo image in color

For validated products, the logo must be accompanied by the "FIPS 140-2 Validated" and the certificate number. If a product has a FIPS 140-2 module internal to the product, "FIPS 140-2 Inside" and the certificate number must also accompany the logo. The FIPS 140-2 logo is a Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments.

What are the guidelines for the use of the FIPS 140-2 logo? 

Both phrases "FIPS 140-2 Validated" and "FIPS 140-2 Inside" when used with the FIPS 140-2 logo are intended for use in association with cryptographic modules validated by the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS) as complying with the FIPS 140-2, Security Requirements for Cryptographic Modules. The FIPS 140-2 logo is a Certification Mark of NIST, which retains exclusive rights to their use. 

Vendors of validated cryptographic modules or vendors integrating a validated cryptographic module into a product may use the phrase and logo in accordance with the following:

  1. Permission for advertising FIPS 140-2 validation and use of the logo is conditional on and limited to those cryptographic modules validated by NIST and CCCS as complying with the FIPS 140-2 only.  A cryptographic module may either be a component of a product, or a standalone product.
     
  2. Use of the FIPS 140-2 Logo on product reports, letterhead, brochures, marketing material, and product packaging shall be accompanied by the following:

The phrase “FIPS 140-2 validated, Certificate # [INSERT CERTIFICATE  #]" if the cryptographic module is a product.

The phrase “FIPS 140-2 Inside [INSERT CERTIFICATE #]” if the product contains a FIPS 140-2 validated module. 

Use of the phrase and logo as specified above pertains only to an active or historical FIPS 140-2 validation that is listed on the CMVP Validated Modules webpage.

NIST reserves the right to control the quality of the use of the phrases "FIPS 140-2 Validated" and "FIPS 140-2 Inside" as well as the logo.  Permission for the use of the phrases and of the respective logo may be revoked at the discretion of NIST.  FIPS 140-2 validation in no way constitutes or implies product endorsement by NIST or CCCS.

How can electronic images of the logos be obtained from NIST?

Electronic copies of the logo are available for FIPS 140-2 validated modules from NIST. The FIPS 140-2 Logo Form must be completed and returned to NIST. Multiple certificate numbers may be included on a single form. Each request only applies to the certificates listed on the form. If a product vendor includes a validated module within one or more of their products, only one form needs to be submitted by that vendor. Each vendor must return a completed form.

What process does the CMVP follow if informed by 3rd parties regarding the unapproved use of the trademarked logo or use of an unapproved logo?

The CMVP will review the information provided and contact the parties that may be using the NIST Certificate Mark without consent. If consent was not given, the CMVP will ask that the use of the Certification Mark be discontinued. If not, the CMVP will pass the information to the NIST legal counsel for resolution and follow up.

If you have any questions, please contact cmvp@nist.gov.

Created October 11, 2016, Updated November 19, 2024