FIPS 140-3

The Federal Information Processing Standard (FIPS) Publication 140-3 was a proposed update to the U.S. government computer security standard used to accredit cryptographic modules. The title of the standard is Security Requirements for Cryptographic Modules and FIPS 140-2 remains the currently approved version. Efforts to update FIPS 140-2 date back to the early 2000s. The FIPS 140-3 (2013 Draft) was scheduled for signature by the Secretary of Commerce in August 2013, however that never happened and the draft was subsequently abandoned. In 2014, NIST released a substantially different draft of FIPS 140-3, this version effectively directing the use of an International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) standard, 19790:2012, as the replacement for FIPS 140-2. The 2014 draft of FIPS 140-3 was also abandoned. On August 12, 2015, NIST formally released a statement on the Federal Register asking for comments on the potential use of portions of ISO/IEC 19790:2014 in the update of FIPS 140-2. The reference to a 2014-version of ISO/IEC 19790 was an inadvertent error in the Federal Registry posting, as 2012 is the most recent version.