Federal Information Processing Standard (FIPS) 140

FIPS 140 overview

The Federal Information Processing Standard (FIPS) 140 is a US government standard that defines minimum security requirements for cryptographic modules in information technology products and systems. Testing against the FIPS 140 standard is maintained by the Cryptographic Module Validation Program (CMVP), a joint effort between the US National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security, a branch of the Communications Security Establishment (CSE) of Canada.

FIPS 140 has security requirements covering 11 areas related to the design and implementation of a cryptographic module. Each module has its own security policy — a precise specification of the security rules under which it operates — and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. For each area, a cryptographic module receives a security level rating 1 to 4 (from lowest to highest) depending on the requirements met. Rather than encompassing the module requirements directly, the latest version FIPS 140-3 references:

  • ISO/IEC 19790:2012 Security requirements for cryptographic modules for requirements, and
  • ISO/IEC 24759:2017 Test requirements for cryptographic modules for testing of the requirements.

For more information, see FIPS 140-3 Standards.

Validation against the FIPS 140 standard is required for all US federal government agencies that use cryptography-based security systems — hardware, firmware, software, or a combination — to protect sensitive but unclassified information stored digitally. NIST publishes a searchable list of vendors and their cryptographic modules validated for FIPS 140.

Note

FIPS 140-2 has been superseded by FIPS 140-3. Based on the FIPS 140-3 transition schedule:

  • FIPS 140-3 testing started on 22 September 2020.
  • Between 22 September 2020 and 22 September 2021, NIST will issue both FIPS 140-2 and FIPS 140-3 certificates.
  • After 22 September 2021, the new version FIPS 140-3 will become the only option for new validation certificates.
  • CMVP guidance: "FIPS 140-2 modules can remain active for five years after validation or until 21 September 2026, when the FIPS 140-2 validations will be moved to the historical list. Even on the historical list, CMVP supports the purchase and use of FIPS 140-2 modules for existing systems. While Federal Agencies decide when they move to FIPS 140-3 only modules, purchasers are reminded that for several years there may be a limited selection of FIPS 140-3 modules from which to choose. CMVP recommends purchasers consider all modules that appear on the Validated Modules Search Page and meet their requirements for the best selection of cryptographic modules, regardless of whether the modules are validated against FIPS 140-2 or FIPS 140-3."

Azure and FIPS 140

Microsoft maintains an active commitment to meeting the FIPS 140 requirements, having validated cryptographic modules since the standard’s inception in 2001. Microsoft certifies the cryptographic modules used in Microsoft products with each new release of the Windows operating system. For technical information on Microsoft Windows cryptographic modules, the security policy for each module, and the catalog of CMVP certificate details, see the Windows and Windows Server FIPS 140 documentation.

Note

Microsoft submits new versions of the Windows operating system for FIPS 140 cryptographic module validation on an ongoing basis. You should review the publicly available Modules in Process List to check the status of Microsoft submissions if the Windows FIPS 140 certificate of interest has been moved to historical status.

When a FIPS 140 certificate gets moved to the historical list, it doesn’t mean that the certificate has been revoked. The validation is still there; however, US federal agencies are advised not to include the corresponding crypto modules in new procurements. Instead, CMVP recommends that agencies conduct a risk determination on whether to continue using the modules on this list based on their own assessment of where and how the modules are used.

While the current CMVP FIPS 140 implementation guidance precludes a FIPS 140 validation for a cloud service, cloud service providers can obtain and operate FIPS 140 validated cryptographic modules for the computing elements that comprise their cloud services. Azure is built with a combination of hardware, commercially available operating systems (Linux and Windows), and Azure-specific version of Windows. Through the Microsoft Security Development Lifecycle (SDL), all Azure services use FIPS 140 approved algorithms for data security because the operating system uses FIPS 140 approved algorithms while operating at a hyper scale cloud. Moreover, you can use Azure Key Vault to store your own cryptographic keys and other secrets in FIPS 140 validated hardware security modules (HSMs).

Applicability

  • Azure
  • Azure Government

Office 365 and FIPS 140

For more information about Office 365 compliance, see Office 365 FIPS 140 documentation.

Attestation documents

For a list of FIPS 140 certificates applicable to Azure services, see validated modules used by Windows Server. For example, a given FIPS 140 certificate covers Windows cryptographic modules that Azure relies on for FIPS 140 validated encryption. You should review the list of FIPS algorithms under the certificate. The corresponding security policy applicable to the certificate provides additional relevant information and can be downloaded from the same Windows Server validated FIPS modules page.

As described in the security policy, the cryptographic primitives library (BCryptPrimitives.dll) that is covered by the certificate can generate and use keys for the popular AES, RSA, and HMAC SHA algorithms. For example, Azure Storage service encryption uses this library to provide AES-256 data encryption at rest that is enabled by default. The same is true for Azure SQL Database transparent data encryption (TDE) and for encryption in other Azure services. Even though it isn't possible to package and submit Azure Storage or Azure SQL Database to NIST labs for testing and validation, these Azure services and others rely on FIPS 140 validated encryption by using the FIPS 140 validated cryptographic modules in the underlying operating system.

The integrity chain of trust described in the security policy explains how various components fit together and references additional modules such as the kernel mode crypto primitives library, code integrity, and so on. The corresponding certificates for these modules are mentioned in the certificate and listed among the Windows Server validated cryptographic modules.

You can store your encryption (cryptographic) keys in hardware security modules (HSMs) under your control, and rely on a key management service such as Azure Key Vault for key access and management. The Key Vault service supports two resource types:

  • Vaults – support storing secrets, keys, and certificates in multi-tenant HSMs that have FIPS 140 Level 2 validation.
  • Managed HSMs – provide a fully managed, highly available, single-tenant HSM as a service that uses FIPS 140 Level 3 validated HSMs for safeguarding cryptographic keys only.

Frequently asked questions

What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”?
“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module has been validated (“certified”) by the CMVP as meeting the FIPS 140 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.

When does Microsoft undertake a FIPS 140 validation?
The cadence for starting a module validation aligns with the feature updates of Windows and Windows Server. As the software industry evolved, operating systems are released more frequently, with monthly software updates. Microsoft undertakes validation for feature releases, but in between releases, seeks to minimize the changes to the cryptographic modules.

Which computers are included in a FIPS 140 validation?
Microsoft validates cryptographic modules on a representative sample of hardware configurations running Windows 10 and Windows Server. It is common industry practice to accept this FIPS 140 validation when an environment uses hardware that is similar to the samples used for the validation process.

There are many modules listed on the NIST website. How do I know which one applies to my agency?
If you are required to use cryptographic modules validated through FIPS 140, you need to verify that the version you use appears on the validation list. The CMVP and Microsoft maintain a list of validated cryptographic modules, organized by product release, along with instructions for identifying which modules are installed on a Windows system. For more information on configuring systems to be compliant, see the Windows and Windows Server FIPS 140 content.

What are the implications of a FIPS 140 certificate getting moved to the historical list?
When a FIPS 140 certificate gets moved to the historical list, it doesn’t mean that the certificate has been revoked. The validation is still there; however, US federal agencies are advised not to include the corresponding crypto modules in new procurements. Instead, CMVP recommends that agencies conduct a risk determination on whether to continue using the modules on this list based on their own assessment of where and how the modules are used.

What does "when operated in FIPS mode" mean on a certificate?
This caveat informs the reader that required configuration and security rules must be followed to use the cryptographic module in a way that is consistent with its FIPS 140 Security Policy. Each module has its own Security Policy — a precise specification of the security rules under which it will operate — and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy for each module. For more information, including links to the Security Policy for each module validated through the CMVP, see the Windows and Windows Server FIPS 140 content.

Are applications or cloud services validated through FIPS 140?
No. The scope for a FIPS 140 validation is a cryptographic module. Microsoft submits the cryptographic modules used by Windows for FIPS 140 validation, not individual applications or cloud services. Applications that use the Windows cryptographic modules may be considered compliant when the operating system is configured to operate according to the security policy for the module. You can find more information, including links to the security policy for each module validated through the Cryptographic Module Validation Program, in our FIPS 140 online documentation.

How does Azure support FIPS 140?
Azure is built with a combination of hardware, commercially available operating systems (Linux and Windows), and Azure specific version of Windows that leverage the FIPS 140 validated implementations in use by our commercial operating systems. Through the Microsoft Security Development Lifecycle (SDL), all Azure services use FIPS 140 approved algorithms for data security. Due to the high-performance requirements of a hyper scale cloud, Microsoft doesn't enforce FIPS Mode by default but instead relies on our industry leading SDL to identify usage of non-FIPS approved algorithms and uses code scanning tools to validate these assertions. The combination of ensuring that applications are using FIPS 140 approved algorithms and that the implementations they use are either FIPS 140 validated or derived from FIPS 140 validated algorithms provides a hyper scale cloud approach to meeting the FIPS 140 requirements.

Does Microsoft offer FIPS 140 Level 3 validated HSMs in Azure? If so, can I store AES-256 symmetric encryption keys in these HSMs?
Yes. Azure Key Vault Managed HSM provides a fully managed, highly available, single-tenant HSM as a service that uses FIPS 140 Level 3 validated HSMs. Each Managed HSM instance is bound to a separate security domain controlled by you and isolated cryptographically from instances belonging to other customers. With Managed HSMs, support is available for AES 128-bit and 256-bit symmetric keys.

Does FedRAMP require FIPS 140 validation?
Yes, the Federal Risk and Authorization Management Program (FedRAMP) relies on control baselines defined by the NIST SP 800-53 standard, including the SC-13 Cryptographic Protection control mandating the use of FIPS-validated cryptography or NSA-approved cryptography.

Can I use Microsoft’s adherence to FIPS 140 in my agency’s certification process?
To comply with FIPS 140, your system must be configured to run in a FIPS approved mode of operation, which includes ensuring that a cryptographic module uses only FIPS-approved algorithms. For more information on configuring systems to be compliant, see Using Windows in a FIPS 140 approved mode of operation.

What is the relationship between FIPS 140 and Common Criteria?
These two separate security standards have different, but complementary, purposes. FIPS 140 is designed specifically for validating software and hardware cryptographic modules, while the Common Criteria is designed to evaluate security functions in IT software and hardware products. For more information, see the list of Common Criteria certified products. Common Criteria evaluations often rely on FIPS 140 validations to provide assurance that basic cryptographic functionality is implemented properly. Neither FIPS 140 nor Common Criteria are intended to validate cloud services. For Windows OS validation, see the following online documentation:

Resources