Skip to main content

FIPS 140-2

Ensuring compliance with FIPS 140-2


UL will help you through the process, from design assessment through receiving your certificate number. Our FIPS 140-2 validation testing process includes:

  • Design assessment to determine whether or not your product meets the FIPS requirements
  • Algorithm testing to ensure that your cryptographic algorithms are implemented properly
  • Source code review
  • Physical security testing
  • Operational testing
  • Extensive reviews, including final approval by our Lab Director before submission to the Cryptographic Module Validation Program (CMVP)
  • Coordination with the CMVP to ensure that your report goes through the validation process as smoothly as possible


  • UL’s laboratory in San Luis Obispo (formerly known as InfoGard) was the first federally accredited FIPS laboratory (NVLAP Lab Code: 100432-0) to perform FIPS 140-1 and 140-2 validation testing. UL has the experience, relationships and tools in place to help you attain the FIPS 140-2 validation your product requires.
  • UL can serve clients across the global, boasting the largest FIPS validation test team to meet the need of our clients.
  • UL has tested more cryptographic modules of all types and security levels than any other laboratory and is the most experienced FIPS 140-2 laboratory and consultant in the industry. Our security engineers and management played an integral role in the development of the original FIPS 140 standard, so we thoroughly understand the intent of the requirements and how to achieve compliance.

Services include:

  • Cryptographic Module Validation Program (CMVP)
  • Requirements for FIPS 140-2 Validation Testing
  • Cryptographic Algorithm Validation Program (CAVP)
  • Product Profile and Documentation Workshop
  • Algorithm Validation Testing
  • Random Number Generator Entropy Analysis
  • Physical Security Pre-Evaluation Services
  • Compliance Consulting
  • ISO 19790 Introductory Workshop
  • ISO 19790 Validation Testing