Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

FIPS 140-3

Security Requirements for Cryptographic Modules

Date Published: March 22, 2019

Supersedes: FIPS 140-2 (12/03/2002)

Planning Note (05/01/2019):

See the FIPS 140-3 Transition project for the following information:


National Institute of Standards and Technology



computer security; telecommunication security; physical security; software security; cryptography; cryptographic modules; Federal Information Processing Standard (FIPS); ISO/IEC 19790:2012; ISO/IEC 24759:2014
Control Families

None selected


Download URL

Supplemental Material:
Cryptographic Module Validation Program (CMVP)
NIST News Article

Related NIST Publications:
ITL Bulletin
SP 800-140

Document History:
07/13/07: FIPS 140-3 (Draft)
12/11/09: FIPS 140-3 (Draft)
03/22/19: FIPS 140-3 (Final)