Utimaco’s Hardware security modules are FIPS 140-2 certified. Any Utimaco HSMs have been laboratory-tested and certified against FIPS 140-2 standards to help you comply with the standards you need to meet.
Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module.
The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include:
Based on security requirements in the above areas, FIPS 140-2 defines 4 levels of security.
Level 1 is the lowest security level that can be applied to both soft- and hardware. It is characterized by the sole fact that it uses a cryptographic function.
Level 2 already has temper evidence as an additional security feature. This means that an attack may have been successful, but at least the fact that the secret has been divulged is known.
Level 3 devices are measured on tamper detection and response, identity-based authentication and enhanced protection of secret and private keys.
Level 4 devices are tamper resistant and provide environmental failure protection (with regard to voltage or temperature).
FIPS 140-2 compliance standard provides four increasing qualitative levels of security intended to cover a wide range of potential applications and environments:
Utimaco SecurityServer CSe is one of the very few HSMs in the market with FIPS 140-2 physical level 4.
Click here to find the Utimaco HSMs listed on the NIST website.
In addition to helping you comply with FIPS 140-2 and NIST SP800-53, Revision 4, Utimaco HSMs all can help you comply with:
and other national and industry proprietary standards and certification schemes like