The SafeLogic Blog

SafeLogic is excited to announce that its CryptoComply v3 encryption software has achieved FIPS 140-3 validation from the National Institute of Standards (NIST).   FIPS 140-3 is the latest FIPS 140 standard from NIST and represents the gold standard for cryptographic module validation.  CryptoComply has been issued FIPS 140-3 certificate #4781.

Attaining FIPS 140-3 validation requires cryptographic module vendors to comply with strict FIPS 140-3 requirements for implementing cryptographic functionality. Once a cryptographic module is designed, implemented, tested, and documented, it must go through rigorous FIPS 140-3 testing by an accredited laboratory.  That testing spans activities such as code review, secure SDLC review, algorithm testing, and operational testing. 

When laboratory testing is completed, the submission goes to the Cryptographic Module Validation Program (CMVP), a joint effort between NIST and the Canadian Centre for Cyber Security, which conducts its own review.  The complete process often takes years. Achieving FIPS 140-3 validation, receiving a FIPS 140-3 certificate, and getting listed in the CMVP database is the culmination of all that effort and an acknowledgment that the resulting cryptographic module meets the highest standards for cryptographic implementation.

SafeLogic’s new FIPS 140-3 validated CryptoComply software is the latest addition to the company’s existing library of various FIPS 140 validated CryptoComply modules.  Among these modules are those that are compatible with the OpenSSL 3.x architecture and Java.  For maximum interoperability, those modules are available across a wide array of platforms (e.g., server, mobile, mainframe, embedded), operating systems (e.g., Linux, Windows, Mac, Android, iOS), and CPU architectures.  The modules also offer extensive programming language support (e.g., C / C++, Java, .NET, Rust, Python, Go, etc.) and are often drop-in replacements for popular open-source cryptographic software.

All in all, SafeLogic’s FIPS 140-3 modules support dozens of Operating Environments (OEs) on which they have been rigorously tested.   In fact, SafeLogic’s FIPS 140-3 validated CryptoComply v3 cryptographic software is certified across more than two dozen OEs, from mobile operating systems (e.g., iOS, iPadOS, and Android), to Windows, macOS, Windows Server, Oracle Solaris, and several Linux distributions (e.g., AlmaLinux, Debian, FreeBSD, Red Hat Enterprise Linux, Rocky Linux, SUSE Linux, and Ubuntu). 

“SafeLogic is delighted to add this new FIPS 140-3 validated cryptographic module to its CryptoComply product lineup.  Achieving this validation is a testament to CryptoComply’s adherence to the most rigorous cryptographic standards,” said Evgeny Gervis, SafeLogic CEO.  “SafeLogic customers now have options to migrate from FIPS 140-2 to FIPS 140-3 either now, in 2025, or into 2026, depending on their timing preferences. Whatever our customers decide, SafeLogic’s FIPS 140 Validation-as-a-Service offers a unique combination of software and managed services to help our customers adopt FIPS 140-3 validated software and achieve certification in a seamless manner.”

Earlier this year, SafeLogic made its FIPS 140-3 modules available to its customers as part of an Early Access Program (EAP) because some companies have long development/release cycles and wanted early access to the software for integration testing.  For SafeLogic’s subscription customers, the transition to FIPS 140-3 is covered by SafeLogic’s MaintainCert service, which is a component of SafeLogic’s broader FIPS 140 Validation-as-a-Service offering.  “Transitioning to FIPS 140-3 is no small undertaking. SafeLogic is proud to offer our customers a full white-glove migration path,” added Gervis.

If you are interested in SafeLogic’s latest FIPS 140-3 validated CryptoComply v3 cryptographic software, please e-mail sales@safelogic.com or contact your SafeLogic representative, who will be happy to assist you.