FIPS 140-3 has been approved, and wolfCrypt will be FIPS 140-3 validated!
On March 22, 2019 Federal Information Processing Standard (FIPS) 140-3 was approved by the Secretary of Commerce. FIPS 140-3 is an incremental advancement of FIPS 140-2, which now standardizes on the ISO 19790:2012 and ISO 24759:2017 specifications. Historically, ISO 19790 was based on FIPS 140-2, but has continued to advance since that time. FIPS 140-3 will now point back to ISO 19790 for security requirements. Keeping FIPS 140-3 as a separate standard will still allow NIST to mandate additional requirements on top of what the ISO standard contains when needed.
wolfSSL currently maintains two FIPS 140-2 certificates for the wolfCrypt Cryptographic Module: #2425 and #3389. Certificate #3389 includes algorithm support required for TLS 1.3 and can be used in conjunction with the wolfSSL embedded SSL/TLS library for full TLS 1.3 client and server support. wolfSSL intends to continue to serve our customers by taking wolfCrypt through the FIPS 140-3 validation process.
More information about wolfCrypt’s newest FIPS 140-2 certificate (#3389) can be found on our recent blog post. wolfSSL also recently announced the availability of wolfSSL “FIPS Ready” releases! To download the wolfSSL FIPS Ready release today and learn more about this exciting release, take a look at our FIPS Ready blog post.
If you are interested in a FIPS 140-3 validated version of wolfCrypt, or would like to learn how wolfSSL can help meet your FIPS requirements contact us today at firstname.lastname@example.org!