What is FIPS 140-2?

Federal Information Processing Standards (FIPS) 140-2 is a mandatory standard for the protection of sensitive or valuable data within Federal systems.

Why is FIPS 140-2 Important?

FIPS Validated 140-2

Federal agencies purchasing cryptographic-based security systems must confirm an associated FIPS 140-2 certificate exists.

This procurement “check-box” item is a deal breaker. Vendor claims of “designed for FIPS” or “FIPS ready” are not sufficient to pass this hurdle.

No FIPS certificate = No sale

Many private and commercial organizations perceive an advantage in selecting a product with a FIPS 140-2 certificate over a solution that has not undergone the rigorous approval process.

What is the status of the wolfSSL FIPS validation effort?

There are two versions of the wolfCrypt cryptography library that have been FIPS 140-2 validated (Certificate #2425 and #3389). For additional information contact fips@wolfssl.com.  Read our blog post update here, and our update on the most recent certificate here!

wolfCrypt FIPS 140-2 Level 1 Certificate #2425
wolfCrypt v4 FIPS 140-2 Level 1 Certificate #3389

I am a Techie. What is so great about the wolfCrypt FIPS module?

wolfCrypt is a cryptographic software API library. Your application may rely on wolfCrypt to provide all of the cryptographic processing. Instead of performing your own FIPS validation, you may claim that you are using an embedded FIPS cryptographic module. This will make your Federal customers happy.

wolfCrypt is compliant with FIPS 140-2 Implementation Guidance 9.10. We implemented a default entry point to run self-tests automatically. The FIPS OpenSSL module does not provide a default entry point.

Can I get a FIPS certificate in my company’s name?

Yes. You have the option of rebranding the wolfCrypt module and NIST will issue a FIPS 140-2 certificate in your company’s name. Your Sales Teams will thank you.

How can wolfSSL help me?

At wolfSSL, our security experts have the FIPS expertise you need. We will form a FIPS strategy that is best for you, optionally including on-site FIPS consulting! Before you search for a FIPS Consultant or begin calling several of the 22 FIPS Laboratories, contact us.  We can save you time, money, and effort.

wolfSSL FIPS Ready

In addition, wolfSSL also provides support for a wolfCrypt FIPS Ready version of the library! wolfCrypt FIPS Ready is our FIPS enabled cryptography layer code included in the wolfSSL source tree that you can enable and build. You do not get a FIPS certificate, you are not FIPS approved, but you will be FIPS Ready. FIPS Ready means that you have included the FIPS code into your build and that you are operating according to the FIPS enforced best practices of default entry point, and power on self test. wolfCrypt FIPS Ready can be downloaded from the wolfSSL download page located here: https://www.wolfssl.com/download/. More information on getting set up with wolfCrypt FIPS Ready yourself can be found on our FIPS Ready User guide here: https://www.wolfssl.com/docs/fips-ready-user-guide/