Important News:SafeLogic announces PQC Early Adopter Program at RSA Conference 2024 Learn more!

The SafeLogic Blog

What Is FIPS 140-2 & Why Does It Matter?

March 13, 2018 Ray Potter

[Originally published on Carbon Black's blog on March 8, 2018.]Carbon Black FIPS 140-2

Carbon Black has just announced the successful FIPS 140-2 validation of their Carbon Black Cryptographic Module and availability within their Cb Response and Cb Protection products. Our team at SafeLogic is extremely proud to power that effort and in the spirit of our partnership, I’m here to explain what FIPS 140-2 is and why it’s a big deal.

In 1995, NIST (the U.S. National Institute of Standards and Technology) and their Canadian counterpart CSE (Communications Security Establishment) teamed up to establish the mechanisms for testing and certifying that the FIPS 140 benchmark had been met. NIST and CSE employees staff the CMVP (Cryptographic Module Validation Program) and CAVP (Cryptographic Algorithm Validation Program), which cooperate with independent third party testing labs. While the labs conduct functional testing, it is the CMVP that ultimately reviews the results and issues the FIPS 140 validation. This formalized the process into the certification system we know today.

Read the rest of this blog post at!

Ray Potter

Ray Potter

Ray Potter is the Founder of SafeLogic, which was spun off from his previous venture, the Apex Assurance Group consulting firm. He brings over 20 years of security and compliance experience, including leading teams at Cisco and Ernst & Young, to the operations team at SafeLogic. Ray loves playing guitar and flying airplanes.

Share This:

Back to posts

Popular Posts

Search for posts


See all