In September of 2026, the Cryptographic Module Validation Program (CMVP) will move all remaining FIPS 140-2 certificates to the Historical List, including the modules powering Windows BitLocker. For organizations navigating FIPS, CMMC, and FedRAMP, this is an immediate critical stop, as NIST guidance states federal agencies “should not include” Historical-status modules in new procurements, and CMMC Level 2 enforcement hits 2 months later. If your data-at-rest encryption relies on FIPS 140-2, your compliance architecture will become non-compliant overnight.
Fortunately, you can bridge this gap in your data-at-rest FIPS encryption requirements by deploying VeraCrypt powered by the wolfCrypt cryptographic engine. This combination pairs VeraCrypt’s mature, industry-standard disk encryption frontend with wolfCrypt’s lightweight, high-performance backend, which carries two active FIPS 140-3 certificates. When utilizing wolfCrypt, VeraCrypt retains its trusted features, including full-disk and partition encryption, secure virtual disks, cross-platform support, and hidden volumes for plausible deniability, with an instant update to meet federal standards.
Instructions for building VeraCrypt with the wolfCrypt backend are available in the VeraCrypt repository.
Want help evaluating whether this fits your FIPS 140-3 and CMMC requirements, or interested in wolfCrypt FIPS licensing? Contact us at facts@wolfssl.com or call +1 425 245 8247.
Download wolfSSL Now