Home / Technology / FIPS 140-3 Path

COMPLIANCE PATH

FIPS 140-3 Level 3 — what it requires and what CQ1 is designed for

An accurate account of FIPS 140-3, the current status of CQ1's physical security design, and the difference between "designed for" and "validated."

Accuracy statement

CQ1 is designed for FIPS 140-3 Level 3 validation. It has not yet received a CMVP certificate. FIPS 140-3 validation requires independent testing by a NIST-accredited laboratory (NVLAP). Until that testing is complete and NIST issues a certificate, Cryptrig does not claim FIPS 140-3 certified or validated status. The design and construction decisions described below are oriented toward meeting Level 3 requirements — they do not constitute certification.

What FIPS 140-3 Level 3 requires

FIPS 140-3 (ISO/IEC 19790:2012 + NIST CMVP) defines four levels of cryptographic module security, each building on the previous. Level 3 is the standard required for HSMs used in payment processing, certificate issuance, and regulated financial operations.

Level 1

Software implementation, no physical requirements. Standard for library modules running on general-purpose hardware.

Level 2

Physical tamper-evidence required (coatings, seals). Operator authentication required. Role-based access control.

Level 3 CQ1 design target

Hard tamper detection and response mechanisms: tamper-active boundary must detect and respond to penetration. Zeroization of critical security parameters on breach. Identity-based authentication. Private keys entered or output only in encrypted or split-knowledge form.

Level 4

Complete envelope of physical security protecting module from all unauthorized access. Environmental failure protection required. Applicable to very high-assurance deployments.

How CQ1 is designed for Level 3

The following describes CQ1's physical security design. These design attributes are oriented toward Level 3 requirements but do not constitute validated compliance until CMVP testing is complete.

Anti-tamper mesh and sensors

The cryptographic boundary is enclosed by an active tamper-detection mesh. Voltage and temperature sensors monitor for physical probing, laser fault injection, and differential power analysis attempts. The mesh circuit state is continuously verified.

Zeroization within 100ms

On tamper event, all key material in battery-backed SRAM is overwritten within 100 milliseconds. The zeroization circuit is independent of the main processor and executes even if firmware is not running.

Identity-based operator authentication

Operators authenticate via smartcard certificates plus PIN. The authentication mechanism is identity-based per FIPS 140-3 Level 3 requirements, not role-only. Dual-control is enforced for key loading and export operations.

Encrypted key entry and export

Private keys and critical security parameters never appear in plaintext outside the boundary. Key entry uses NIST SP 800-131A key wrapping. Export uses AES-256-GCM with split-knowledge transport keys.

CMVP testing and timeline

Cryptrig has engaged an NVLAP-accredited laboratory for FIPS 140-3 CMVP testing. The testing process typically takes 12–24 months from submission. We expect to submit CQ1 for testing in H2 2026. The CMVP queue and testing timelines are outside Cryptrig's direct control.

Evaluation units are available for procurement and integration now, with the understanding that FIPS 140-3 certification is pending. Organizations whose compliance programs require a certified module before deployment should contact Cryptrig's engineering team to discuss timeline alignment and conditional deployment options.

Next: Solutions CQ1 for financial institution infrastructure

Discuss CQ1's compliance path with our team

Contact Engineering Full Specifications