FIPS 140-3 services from SGS

Deliver cybersecure cryptographic modules that ensure data security in a connected world

Contact us

Get in touch with us to learn more about out FIPS 140-3 services.

Brassersplein 2
2612 CT
the Netherlands
+31 (0)15 269 2500

FIPS 140-3

Developed by the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), FIPS 140-3 supersedes FIPS 140-2 and became effective on September 2019. It is based directly upon International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790 and ISO/IEC 24759.

Learn More

Security Requirements for Cryptographic Modules

The requirements defined in FIPS 140-3 and associated guidance are applicable to cryptographic modules that are used to protect data in any security system. It provides four increasing, qualitative levels of security (Level 1 to Level 4) and can be used in a wide variety of applications and environments where cryptographic modules are deployed.  

Learn More
North America
12901 SE 97th Ave
STE 420 Clackamas
OR. 97015-7907
United States
+1 503-850-4999
Follow us on

Data security is crucial in today's interconnected world

Without proper protection, sensitive information on your systems is vulnerable to cyberattacks. U.S. Federal Information Processing Standards (FIPS) 140-3 provides a standardized set of security requirements for cryptographic modules. It can be applied across multiple industries to enhance the protection of sensitive information in computer and telecommunication systems. Validation to the standard provides assurance that products are secure, trustworthy and meet industry and government requirements.

SGS Brightsight offers comprehensive solutions to help you successfully access target markets in the United States with security compliant products, enabling risk mitigation and market differentiation.

Why SGS Brightsight?

With over 35 years of experience in cybersecurity and a growing global network of specialist testing facilities, SGS Brightsight is the world’s number one security evaluation service provider with over 700 security evaluations completed every year. With specialists in all market segments, including payment, medical, automotive, industrial and consumer IoT, we understand the technical requirements relevant to your cryptographic module and we have the capabilities in place to help you deliver cybersecure products.

Our experts support the streamlining of evaluation criteria into a single assessment process that incorporates all relevant global, regional and vendor requirements. SGS Brightsight is your first choice for independent testing and developer support services when you want to efficiently deliver secure and compliant cryptographic modules.

CMVP & NVLAP Programs

The Cryptographic Module Validation Program (CMVP) is a joint effort between NIST and CCCS and is responsible for validating cryptographic modules to FIPS 140-3. Compliance to the CMVP requires validation by a Cryptographic and Security Testing (CST) laboratory accredited under the National Voluntary Laboratory Accreditation Program (NVLAP).  

Learn More

Our Services

As an NVLAP accredited CST, we offer comprehensive cryptographic module conformance testing and evaluation services for all aspects of FIPS 140-3. Our scope encompasses the full range of consultancy, assessment and monitoring solutions for pre-evaluation, security evaluation and post-evaluation.


Ongoing developer advisory support 


Readiness validations 

GAP Analysis

Cryptographic Algorithm Validation Program (CAVP)

NIST SP 800-90B Evaluation

FIPS 140-3 for Levels 2, 3, 4

FIPS 140-2 Level 4 - EFP testing

FIPS 140-3 Certification maintenance

Security evaluation