Skip to main content
Switch Language
  • Service

FIPS 140-2 and FIPS 140-3 Testing and Evaluation Services

Perform validation testing services to demonstrate the compliance of your products to the FIPS 140-2 and FIPS 140-3 standards.

Data connection points

UL Solutions recognizes the importance that FIPS certificates hold for our customers and the vital role that both the Cryptographic Module Validation Program (CMVP) and the Federal Information Processing Standards (FIPS) requirements have in the IT security industry. As such, we aim to test your products efficiently while conducting our services with the highest level of integrity. Having performed testing for more than 1,000 validations over 25 years, UL Solutions has the skill and experience to offer vendors world-class services while obtaining FIPS validations.   

Our services can start as early as your development processes, where we can assist your team in incorporating FIPS compliance into the design of your products. This approach helps mitigate risk by identifying compliance gaps early on. Identifying issues early means solutions can be discussed and planned. Testing methodology is provided in advance, assisting your certification team in planning accordingly, and our experts track scheduling closely to help ensure our progress is in step with your development and test targets.   

UL Verification Services Inc. is accredited by NVLAP (Laboratory Code 100432-0) for test methods for both FIPS 140-2 and FIPS 140-3, and for testing of approved security functions, including algorithm testing for the Cryptographic Algorithm Validation Program (CAVP).  

Learn more about our FIPS 140-3 training course

Training covers FIPS, ISO/IEC 19790, ISO/IEC 24759, algorithms and more. 

Get started today

Service offerings

Demonstrate the compliance of your cryptographic modules to FIPS 140-2 or 140-3 with UL Solutions' comprehensive validation and testing services. UL Solutions can support you at various stages throughout the process, from design assessment to validation test report submission. Our FIPS Validation testing process includes:

Support services

  • Strategy and planning
  • Gap analysis

Services prior to validation

  • Product profile workshop
  • Documentation workshop
  • Preliminary assessment

Cryptographic Algorithm Validation Program (CAVP) algorithm testing services

  • Cryptographic Algorithm Testing using NIST’s Automated Cryptographic Validation protocol

FIPS 140 Validation and Revalidation testing services

  • Design assessment
  • Source code review
  • Physical security testing
  • Operational testing
  • Entropy assessment (SP 800-90B)
  • Extensive technical and quality reviews
  • Coordination with the CMVP to ensure that your report goes through the validation process as smoothly as possible.
  • Embedded “FIPS Inside” module compliance review
  • Original equipment manufacturer (OEM) validation services

Post validation support

  • Monitor changes to the validation program requirements and update vendors on changes to the program or standard through implementation guidance issues by CMVP.

Benefits

  • As the industry’s most experienced FIPS laboratory, UL Solutions has tested more cryptographic modules of all types and security levels than any other laboratory. We have the requisite experience to produce high-quality results on time and on budget.
  • With personnel located in the United States and internationally, UL Solutions can serve customers across the globe.
  • UL Solutions is a comprehensive service provider for many of our customers as we offer a wide range of Certifications, such as Common Criteria, Personal Identity Verification (PIV) and a variety of other validations to address your certification needs.
  • We can help test products during their development stages so that those products can demonstrate compliance with the required standards in order to reach the market.
  • We have multiple teams specializing in specific areas of testing such as physical security testing, algorithm testing and entropy assessment, making our experience in each area unparalleled. 
  • Multiple teams simultaneously perform your validation test activities, reducing validation completion time.
  • Our security engineers and management played an integral role in the development of the FIPS 140 standards, the Implementation Guidance, and the SP 800-90A and SP 800-90B entropy requirements. Consequently, our laboratory understands the intent of the standards requirements and how to achieve compliance.
  • The depth and scope of UL Solutions' analysis and robust processes can contribute to achieving a better product.
Download our FIPS e-book
Understanding

Understanding the Federal Information Processing Standards FIPS 140-3 Validation Process

3.57 MB
X

Get connected with our sales team

Thanks for your interest in our products and services. Let's collect some information so we can connect you with the right person.

Please wait…