FIPS 140-3 is the latest FIPS 140 standard from NIST and represents the gold standard for cryptographic module validation
PALO ALTO, Calif., Aug. 29, 2024 /PRNewswire-PRWeb/ — SafeLogic is excited to announce that its CryptoComply v3 encryption software has achieved FIPS 140-3 validation from the National Institute of Standards (NIST). FIPS 140-3 is the latest FIPS 140 standard from NIST and represents the gold standard for cryptographic module validation. CryptoComply has been issued FIPS 140-3 certificate #4781.
Achieving this validation is a testament to CryptoComply’s adherence to the most rigorous cryptographic standards. SafeLogic customers now have options to migrate from FIPS 140-2 to FIPS 140-3 either now, in 2025, or into 2026, depending on their timing preferences.
Attaining FIPS 140-3 validation requires cryptographic module vendors to comply with strict FIPS 140-3 requirements for implementing cryptographic functionality. Once a cryptographic module is designed, implemented, tested, and documented, it must go through rigorous FIPS 140-3 testing by an accredited laboratory. That testing spans activities such as code review, secure SDLC review, algorithm testing, and operational testing.
When laboratory testing is completed, the submission goes to the Cryptographic Module Validation Program (CMVP), a joint effort between NIST and the Canadian Centre for Cyber Security, which conducts its own review. The complete process often takes years. Achieving FIPS 140-3 validation, receiving a FIPS 140-3 certificate, and getting listed in the CMVP database is the culmination of all that effort and an acknowledgment that the resulting cryptographic module meets the highest standards for cryptographic implementation.
SafeLogic’s new FIPS 140-3 validated CryptoComply software is the latest addition to the company’s existing library of various FIPS 140 validated CryptoComply modules. Among these modules are those that are compatible with the OpenSSL 3.x architecture and Java. For maximum interoperability, those modules are available across a wide array of platforms (e.g., server, mobile, mainframe, embedded), operating systems (e.g., Linux, Windows, Mac, Android, iOS), and CPU architectures. The modules also offer extensive programming language support (e.g., C / C++, Java, .NET, Rust, Python, Go, etc.) and are often drop-in replacements for popular open-source cryptographic software.
All in all, SafeLogic’s FIPS 140-3 modules support dozens of Operating Environments (OEs) on which they have been rigorously tested. In fact, SafeLogic’s FIPS 140-3 validated CryptoComply v3 cryptographic software is certified across more than two dozen OEs, from mobile operating systems (e.g., iOS, iPadOS, and Android), to Windows, macOS, Windows Server, and several Linux distributions (e.g., AlmaLinux, Debian, FreeBSD, Oracle Solaris, Red Hat Enterprise Linux, Rocky Linux, SUSE Linux, and Ubuntu).
“SafeLogic is delighted to add this new FIPS 140-3 validated cryptographic module to its CryptoComply product lineup. Achieving this validation is a testament to CryptoComply’s adherence to the most rigorous cryptographic standards,” said Evgeny Gervis, SafeLogic CEO. “SafeLogic customers now have options to migrate from FIPS 140-2 to FIPS 140-3 either now, in 2025, or into 2026, depending on their timing preferences. Whatever our customers decide, SafeLogic’s FIPS 140 Validation-as-a-Service offers a unique combination of software and managed services to help our customers adopt FIPS 140-3 validated software and achieve certification in a seamless manner.”
Earlier this year, SafeLogic made its FIPS 140-3 modules available to its customers as part of an Early Access Program (EAP) because some companies have long development/release cycles and wanted early access to the software for integration testing. For SafeLogic’s subscription customers, the transition to FIPS 140-3 is covered by SafeLogic’s MaintainCert service, which is a component of SafeLogic’s broader FIPS 140 Validation-as-a-Service offering.
With MaintainCert, SafeLogic customers will be able to upgrade to this new FIPS 140-3 validated module at a time of their choosing between now and March 2026. SafeLogic’s white glove software and certification support will ensure that all of that happens smoothly. “Transitioning to FIPS 140-3 is no small undertaking. SafeLogic is proud to offer our customers a full white-glove migration path,” added Gervis.
If you are interested in SafeLogic’s latest FIPS 140-3 validated CryptoComply v3 cryptographic software, please e-mail sales@safelogic.com or contact your SafeLogic representative, who will be happy to assist you.
About SafeLogic
Founded in 2012, SafeLogic is a premier provider of cryptographic solutions that enable enduring privacy and trust in the ever-changing digital world. SafeLogic’s CryptoComply FIPS 140 validated cryptographic software modules support a broad range of platforms, programming languages, and operating environments. With its FIPS Validation-as-a-Service offering, SafeLogic expedites the delivery of FIPS 140 certificates for its CryptoComply customers. It then keeps those certificates active over time via a unique white-glove managed service that provides both software support and certification maintenance. CryptoComply is also the basis for SafeLogic’s post-quantum cryptography (PQC) capabilities, which include PQC algorithms, discovery, cryptoagility, and hybrid deployments. For more information, go to www.safelogic.com.
Media Contact
Mike Donaldson, SafeLogic, 1 3035700315, mike@safelogic.com, www.safelogic.com
View original content:https://www.prweb.com/releases/safelogics-cryptocomply-encryption-software-achieves-fips-140-3-validation-302233580.html
SOURCE SafeLogic
