Product Security Certification: FIPS 140-3
Intel is committed to product security certification, designing solutions to comply with government regulatory requirements such as Federal Information Processing Standard (FIPS) 140-3.
What is FIPS-140-3?
Federal Information Processing Standards (FIPS) 140 are specifications developed by the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS) covering security requirements for cryptographic modules. FIPS 140-3 refers specifically to version 3, the current version of the standard.
Validation is issued by the NIST Cryptography Module Validation Program following testing by an accredited independent lab. Security levels range from level 1 (simple protections) to level 4 (hardened against many forms of attack); the number of applicable requirements and their stringency increases with each level.
“When our products meet leading standards for security, Intel is not only better situated to be a leader in the public sector market, but we also help enable our customers in other sectors to meet emerging security requirements.”
- Anand Pashupathy, Vice President, General Manager, Intel Product Assurance and Security
FIPS Commitment
Intel is committed that all defined products with cryptography implementation or modification that reach production must be FIPS certifiable. This means products with defined cryptographic modules meet the following criteria:
- Designed and implemented to meet applicable FIPS 140-3 requirements
- Include one or more FIPS-approved algorithms and entropy source validation
- Capable of performing required self-tests and other operations
- Enable acquisition of FIPS 140-3 validation by Intel or customers (including OEMs)
- Documentation is provided
To ensure products can be FIPS 140-3 validated, all Intel designs that contain cryptography implementation or modification (hardware, firmware, and software) must complete assigned tasks in our Security Development Lifecycle process. This mandate establishes that all products must design and implement to meet FIPS140-3 specification requirements to achieve future FIPS 140-3 validation.
FIPS Approach
Intel’s commitment to product security includes focus on compliance with government regulatory requirements and industry best practices.
Validated FIPS Cryptographic Modules
Certification: 4648
Cryptographic Module for Intel Platforms' Security Engine Chipset
Standard: FIPS140-2
Security Level 1
Status: Active
Module Type: Hybrid
Sunset Date: 2026-09-21
Certification: 4599
Cryptographic Module for Intel Platforms' Security Engine Chipset
Standard: FIPS140-2
Security Level 1
Status: Active
Module Type: Hybrid
Sunset Date: 2026-03-03
Cert #: 4355
Cryptographic Module for Intel Platforms' Security Engine Chipset
Standard: FIPS140-2
Security Level 1
Status: Historical
Module Type: Hybrid
Sunset Date: 2026-09-21
Certification: 4158
Cryptographic Module for Intel Converged Security and Manageability Engine (CSME)
Standard: FIPS140-2
Security Level 1
Status: Active
Module Type: Hybrid
Sunset Date: 2026-09-21
Certification: 4150
Intel Converged Security and Manageability Engine (CSME) Crypto Module for Tiger Point, Mule Creek Canyon and Rocket Lake PCH
Standard: FIPS140-2
Security Level 1
Status: Active
Module Type: Hybrid
Sunset Date: 2026-09-21
Certification: 4025
Intel Offload and Crypto Subsystem (OCS)
Standard: FIPS140-2
Security Level 2
Status: Active
Module Type: Hardware
Sunset Date: 2026-09-08
Certification: 3838
Cryptographic Module for Intel Platforms' Security Engine Chipset
Standard: FIPS140-2
Security Level 1
Status: Historical
Module Type: Hybrid
Sunset Date: 2026-03-03
Certification: 3511
Optane SSD DC D4800X
Standard: FIPS140-2
Security Level 2
Status: Active
Module Type: Hardware
Sunset Date: 2024-08-11
Certification: 2720
Cryptographic Module for Intel vPro Platforms' Security Engine Chipset
Standard: FIPS140-2
Security Level 1
Status: Historical
Module Type: Hybrid
Sunset Date: 1901-01-01
Certification: 2631
Intel OpenSSL FIPS Object Module
Standard: FIPS140-2
Security Level 1
Status: Historical
Module Type: Software
Sunset Date: 1901-01-01
Certification: 3838
Cryptographic Module for Intel Platforms' Security Engine Chipset
Standard: FIPS140-2
Security Level 1
Status: Active
Module Type: Hybrid
Sunset Date: 2024-03-03
Certification: 5032
Intel® QuickAssist Technology (QAT) Provider
Standard: FIPS140-3
Security Level 1
Status: Active
Module Type: Software Hybrid
Sunset Date: 2026-06-25
Solution Briefs
Intel® Digital Random Number Generator Software Implementation Guide
Intel® Secure Key includes instructions RDRAND and RDSEED and the underlying the hardware implementation used to generate high-quality keys for cryptographic protocols. This guide provides technical information on usage, including code examples
FIPS 140-3: Intel’s Approach to Cryptographic Module Validation
FIPS 140 security requirements cover areas related to the secure design, implementation and operation of a cryptographic module. This technical overview covers Intel’s commitment to product security compliance with this key standard.
ESV Validation
Entropy Certificate #E57
Implementation Name: Intel® DRNG Entropy Source
Description: Intel® DRNG Entropy Source
Version: DRNG MSL v1
Noise Source Classification: Physical
Reuse Status: Open for Reuse
Entropy Certificate #E136
Implementation Name: NIST SP800-90B TRNG Entropy Source
Description: NIST SP800-90B TRNG Entropy Source
Version: 1.0
Noise Source Classification: Physical
Reuse Status: Open for Reuse
Entropy Certificate #E164
Implementation Name: Intel® Digital Random Number Generator SP800-90B
Description: metastable latch
Version: 1.0
Noise Source Classification: Physical
Reuse Status: Open for Reuse
Entropy Certificate #E179
Implementation Name: Intel® DRNG 4 Entropy Source
Description: Intel® DRNG 4 Entropy Source
Version: IP-DRNG 4
Noise Source Classification: Physical
Reuse Status: Open for Reuse
Unlock Compliance with Confidence: Intel® Secure Key Validation Service
Customers developing products with cryptography for certain government or regulated sectors (federal, financial, healthcare, or cloud services) must undergo validation to comply with standards including FIPS 140-3 or Common Criteria.
One of the prerequisites for cryptographic module validation is NIST Entropy Source Validation (ESV), demonstrating the statistical soundness and security properties of your random number generator’s entropy source.
Intel has introduced a comprehensive service to assist customers in obtaining this validation for Intel® Secure Key, our Digital Random Number Generator (DRNG) that is included with all Intel products.
What is Intel® Secure Key?
Our proprietary DRNG, included with all Intel processors, is a hardware-based and highly performant solution that offers customers strong advantages:
- Easily accessible: Via RDRAND and RDSEED processor instructions, bypassing the operating system and hypervisor
- Proven design: Entirely hardware attack-resistant design following NIST recommendations for full entropy, isolated from OS and software, eliminating related attacks
- High throughput: Built to support heavy server application workloads
The Intel® Secure Key Validation Service leverages Intel and third-party NIST Cryptographic and Security Testing (CST) labs to streamline ESV for Intel® Secure Key in your operating environment(s).
Customers benefit from comprehensive guidance and management of the entire ESV process, helps ensure a smooth, efficient experience. Leveraging Intel’s established relationships and proven methodologies, you can achieve ESV in your name and restricted for reuse, gaining a competitive advantage and increasing brand equity.
CST labs benefit from Intel bringing all required data and documentation on the customer’s behalf, speeding the validation process.
To learn more about the Intel® Secure Key Validation Service, email: FIPSoffice@intel.com.
FIPS Support
If you have questions on Intel FIPS certification or support, please email your request to our FIPS Office.
Intel Product Security Center
View Security Advisories and get disclosure guidance on issues affecting Intel products.
Learn more