As of September 2026, existing FIPS 140-2 certificates have moved to the "Historical" list. For US Federal and DoD contracts, new procurements generally require active FIPS 140-3 validation. Do not start a new design in 2026 based on OpenSSL FIPS 140-2 FOM 2.0.
Why the Move to ISO/IEC 19790?
NIST finally recognized that maintaining a US-only standard (FIPS 140-2) created unnecessary friction for global vendors. FIPS 140-3 is technically a wrapper around ISO/IEC 19790:2012 (Security Requirements) and ISO/IEC 24759:2017 (Test Requirements).
This alignment means:
- Terminology Change: "Services" is now a strictly defined term in ISO 19790 Section 7.4.
- SSP Management: "Critical Security Parameters" are now "Sensitive Security Parameters" (SSP), covering both CSPs and PSPs (Public Security Parameters).
- Ports & Interfaces: Stricter separation of Control Input vs. Data Input.
Engineering Deep Dive: What Breaks in Your Code?
1. The "Degraded" State Machine
FIPS 140-2 was largely binary: FIPS_mode_set(1) succeeded or failed.
FIPS 140-3 (ISO 19790 Section 7.2.4.2) introduces the Degraded State.
// FIPS 140-3 POST (Power-On Self Test) Logic
if (perform_kat_tests() != SUCCESS) {
if (is_soft_error()) {
// Module must enter DEGRADED state
// Crypto operations disabled, but Status Output still valid
set_module_state(STATE_DEGRADED);
alert_admin("Self-test failed, crypto disabled.");
} else {
// Critical error, hard panic
set_module_state(STATE_ERROR);
abort();
}
}Your application must be able to query this state. If the crypto module goes degraded, does your entire application crash, or can it gracefully fallback to a "Maintenance Mode"?
2. Entropy is No Longer "Implied" (SP 800-90B)
Under FIPS 140-2, many software modules assumed the OS /dev/urandom provided sufficient
entropy.
Under FIPS 140-3 + SP 800-90B, you must explicitly validate the entropy source.
If you are using a user-space implementation (like Bouncy Castle or OpenSSL FIPS provider), you cannot simply trust the underlying OS without evidence. You often need to implement Continuous Random Number Generator Tests (CRNGT) or health tests on the ingest.
3. Zeroization is "Active Overwrite"
ISO 19790 Section 7.9 requires zeroization of all unprotected SSPs.
Compiler optimizations are your enemy here. memset() calls are often optimized away by
GCC/Clang
if the variable is not used afterward.
The Fix: Use secure wipe primitives or volatile pointers.
void secure_zero(void *v, size_t n) {
volatile unsigned char *p = v;
while (n--) *p++ = 0;
}
// Usage
secure_zero(aes_key, sizeof(aes_key));Module Lifecycle & Revalidation
One of the most painful aspects of 140-3 is the 5-year sunset on algorithm certificates (ACVP). If you link against a FIPS module validated in 2021, its algorithm certs might expire in 2026, rendering the module invalid for new procurements even if the software hasn't changed.
CMVP Statuses Decoded
| Status | Meaning for Procurement |
|---|---|
| Active | Gold standard. Acceptable for new and existing systems. |
| Historical | Acceptable for existing systems. Discouraged/Prohibited for new designs. |
| Revoked | Module has a security vulnerability. Replace immediately. |
Alterra's FIPS Compliance Framework
We provide a pre-validated FIPS 140-3 wrapper for our defense clients. Instead of managing `fips_provider.conf` and entropy sources yourself, our SDK ensures:
- Correct Initialization: Ensures FIPS provider is loaded before any crypto calls.
- Health Monitoring: Exposes the module's state (Active/Degraded/Error) to your telemetry.
- Zeroization Hooks: Automated stack wiping upon process termination.
"Don't get stuck in the lab."
A failed FIPS lab test costs $50k+ and 6 months of delay. Let us pre-validate your architecture against SP 800-140x requirements.
Get a Pre-Assessment