This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 57.99999999999999%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHC%3C/text%3E%3C/svg%3E)
Per the article here: https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/overview Managed HSM is using FIPS 140-2 Level 3 HSMs for security. Is it possible to get the NIST certificates for those HSMs? We are in the midst of a project and for audit purposes we need to provide a copy of those certificates stating the hardware is certified for Level 3. Thanks. -Chris
@Harry, Christopher
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Hello Chris,
I'd recommend to contact fips@microsoft.com with questions.
Windows FIPS 140 validation
If this is helpful please accept answer.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Harry, Christopher , Thanks for reaching out. You can use certificate https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/3718 FIPS 140 Level 3 validated HSMs for safeguarding cryptographic keys for security. Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
Thank you for the link to the certificate. Do you have any documentation that links the Key Vault Managed HSM to that certificate? The only reference to HSMs in the KV documentation are Marvell Liquid Security, but the certificate linked is for Nitrox. Is the Key Vault Managed HSM currently using Nitrox HSMs? Thanks.
Apologies for delay in response.
Marvel acquired Nitrox so both now are the same. Certs are not documented as they may change from time to time. Key Vault service uses a mix of Thales nShield F2 6000+ and Marvell LiquidSecurity HSM cards in the backend for HSM functionality. They are FIPS 140-2 Level 2 or greater validated. The relevant NIST certificates are here (Cryptographic Module Validation Program | CSRC (nist.gov)) and here (Cryptographic Module Validation Program | CSRC (nist.gov))
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.