FIPS 140-2 Compliance

Thales eSecurity meets your needs for data security compliance with FIPS 140-2 certification

Americas Map


Active now

FIPS 140-2

FIPS 140-2 (Federal Information Processing Standards Publication 140-2) is a set of U.S. NIST (National Institute of Standards and Technology) standards for cryptographic modules that many global organizations are mandated to meet. Thales e-Security delivers products that have been tested and certified to the rigorous FIPS 140-2 encryption standards and that help you comply while also giving you the confidence you need in your cryptographic tools.

Encryption Standards

According to FIPS Publication 140-2:

[It] provides a standard that will be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module.

The FIPS 140-2 compliance standard provides four increasing qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.

Thales eSecurity Support for FIPS 140-2 Compliance Standards

Thales develops cryptographic products and subsystems which conform to the FIPS 140-2 compliance standards. Thales e-Security products that meet these compliance standards include:

Hardware Security Modules (HSMs)

  • The nShield family of FIPS-certified HSMs provide a secure solution for generating encryption and signing keys, creating digital signatures, encrypting data and more in a network environment.
  • The payShield family of FIPS-certified HSMs are proven hardware security modules dedicated to the payment industry for issuing credentials, processing transactions and managing keys.

Data at Rest Encryption – Vormetric Data Security Platform

Data in Motion Encryption Hardware

  • DataCryptor 5000 FIPS-certified appliances provide robust network data security, low latency, and high performance in Layer 2 and IP networks.

In addition to helping with compliance of FIPS 140-2; FedRAMP; FIPS 199; FIPS 200; FISMA; and NIST 800-53, Revision 4, Thales e-Security solutions help you comply with:

Thales eSecurity’s FIPS 140-2 Certified Products

  Level 1 Level 2 Level 3
nShield General Purpose Hardware Security Modules (HSMs)
nShield Edge  
nShield Edge F2

nShield Edge F3
nShield Solo+  
nShield Solo F2

nShield Solo F3
nShield Solo XC  
nShield Solo XC F2

nShield Solo XC F3
nShield Connect+    
nShield Connect XC    
nToken (nShield accessory)    
Vormetric Data Security Manager (DSM) Appliances
DSM Virtual Appliance Pending    
DSM 6000    
DSM 6100    
Vormetric Transparent Encryption Agents
VTE Agents    
payShield Payment HSMs
payShield 9000    
Datacryptor Encryption Platforms
Datacryptor Ethernet Layer 2    
Datacryptor SONET/SDH    

Data Sheet: nShield Connect

The nShield Connect is the premier network-attached hardware security module (HSM) in the Thales family of high security data protection solutions.


Data Sheet: Datacryptor 5000

The Datacryptor 5000 Series is a family of high-speed data in motion security platforms that deliver high performance encryption at near zero latency.


Other key data protection and security regulations

NIST 800-53 / FedRAMP

Americas Map Thumbnail


Active now

Since June 5, 2014 federal agencies have been required to meet FedRAMP standards, ensuring they meet internal data security standards and extended security controls for cloud-computing.

Learn More


Americas Map Thumbnail


Active now

These regulations cover healthcare information in the US, HIPAA relates to protection; encryption, key management. etc and HITECH relates to disclosure of data breaches.

Learn More


Americas Map Thumbnail


Active now

United States Federal Law setting standards for a range of US companies, SOX Act sections 302 and 404 relate directly to data protection.

Learn More
Contact a Compliance Specialist Contact Us
Are you fit for GDPR Take our readiness assessment now
Read the Compliance and Regulations Solutions Handbook Read the eBook
インタラクティブなデモを閲覧する デモ
ライブデモの申し込み デモの申し込み
スペシャリストへのコンタクト お問い合わせ