FIPS 140-2 is one of many cryptographic standards maintained by the Computer Security division of NIST, the US National Institute for Standards and Technology. NIST, in conjunction with the Canadian Communications Security Establishment (CSE) operates the Crypto Module Validation Program (CMVP), through which security products are validated.

Thales develops cryptographic products and subsystems which conform to the FIPS 140-2 standard. The following have been validated under the CVMP as meeting the FIPS 140-2 version of the standard:

  • Secure Generic Sub-System (SGSS), the cryptographic module used in:
    • Host Security Module (HSM 8000 series)
    • P3 Product Range (P3CM)
    • Datacryptor (Layer 3 IP)
    • Datacryptor (Bulk and Link Layer 2)
  • Thales Secure Processing Platform (TSPP), the cryptographic module used in:
    • payShield 9000
  • nShield Solo family (PCI/ PCIe cards)
  • nShield Connect
  • nToken (used with the nShield Connect)
  • keyAuthority

To view the Thales FIPS 140-2 entries on the NIST website for the Secure Generic Sub-System click here, and for the Thales Secure Processing Platform click here.

To view the latest Thales FIPS 140-2 entries on the NIST website for the Datacryptor 2000, Datacryptor AP and Small Form Factor family, Link, Frame Relay, E1/T1, E3/T3 and IP models using SGSS V3.4 click here. For the Datacryptor Ethernet Layer 2 100Mbps, click here. For the Datacryptor Ethernet Layer 2 1 Gbps and 10Gbps Models, click here. For the Datacryptor SONET/SDH OC-3/12/48/192C, click here.  In addition, all Datacryptor AP and Datacryptor 2000 cryptographic algorithms have been validated under the NIST Crypto Algorithm Validation Program (CAVP). For links to the NIST website for CAVP entries for Thales Datacryptor, click on the following algorithms: TDES, AES, SHA-1, DSA, HMAC or RNG.

To view the Thales FIPS 140-2 entry for keyAuthority, click here.

For links to the NIST website for Thales FIPS 140-2 entries for the two most recent versions of nShield products and the most recent version of our time stamping products, click on the number in the table below:

Product

Initialized in
normal mode

Initialized in
strict FIPS mode

nShield PCI 500 F2

1202, 1740

N/A

nShield PCI 2000 F2 & PCI 4000 F2

1201, 1737

N/A

nShield 500e F2 & 6000e F2

1196, 1743

N/A

nShield PCI 500 F3

1200, 1746

1198, 1741

nShield PCI 2000 F3 & PCI 4000 F3

1199, 1746

1195, 1708

nShield 500e F3 & 6000e F3

1203, 1733

1197, 1742

netHSM 500

1200, 1746

1198, 1741

netHSM 2000

1199, 1746

1195, 1708

nShield Connect 500

1203, 1733

1197, 1742

nShield Connect 1500

1203, 1733

1197, 1742

nShield Connect 6000

1203, 1733

1197, 1742

nToken PCI

967, 1738

N/A

nToken PCIe

971, 1744

N/A

nShield F3 10

1200, 1705

1198, 1741

nShield Edge F2

971, 1744

N/A

nShield Edge F3

971, 1744

972, 1739

Time Stamp Server

1203

1197

Time Source Master Clock

1739

1739

Finally, products currently undergoing FIPS 140-2 validation can be viewed here.