Leveling Up with FIPS 140-3 on our 60 Series SOM

Ezurio provides FIPS 140-2 support on the 60-SOM, providing a complete cryptographic solution for medical applications as well as other extremely sensitive data. Now, we go one step further with FIPS 140-3.

Published on December 11, 2025

Leveling Up with FIPS 140-3 on our 60 Series SOM

Cryptographic Essentials, Brought to You by Ezurio

For those designing into the most sensitive applications and handling the most crucial data, the ultimate best guidelines in cryptography come down to one name: FIPS 140. Developed by the US National Institute of Standards and Technology (NIST), the Federal Information Processing Standards (FIPS) provide a clear framework and requirements for computer systems and handling important data. FIPS 140 is a subset of those standards that prescribes security standards for cryptographic modules to protect sensitive data. These standards also set forth how to test and certify these security standards are met.

While they’re most commonly required in medical applications (particularly in American government hospitals), the FIPS 140 standards are based on ISO and IEC standards that are used worldwide, and as such are representative of the world’s best practices in cybersecurity. This is simply due to their effectiveness and comprehensive approach to ensuring data safety both in transit and at rest across systems.

Developing a FIPS-certified cryptographic module requires thorough planning, a long view of your product’s lifecycle, and mechanisms at multiple levels of your design to ensure trust and protection at multiple dependent layers to prevent unauthorized access to data. Ezurio makes this much easier for our customers with our FIPS 140-3 Level 1-certified 60 Series System-on-Module, as part of our Summit Suite Security Solutions. Now, in a worldwide first, Ezurio is proud to announce we’re the first vendor to provide a validated FIPS 140-3 Level 1 module that includes Wi-Fi data-in-transit which is pre-engineered to integrate into highly sensitive device designs.

In this post we’ll look at the evolution of FIPS 140, what FIPS 140-3 specifies for cryptographic systems, and the value our FIPS 140-3-validated 60-SOM provides for our customers.

What’s FIPS 140?

FIPS 140 is specifically interested in cryptographic modules, which are the hardware, software, or hardware AND software components responsible for encrypting and decrypting data as a subset of a larger system. 

FIPS 140 has undergone multiple revisions since it was first issued as FIPS 140-1 in 1994. Adjusted for emerging technology, and learning lessons from both private and public usage, FIPS 140-2 was issued in 2001. FIPS 140-2 required stricter protections, more attention to documentation and lifecycle management, and new authentication methods. These addressed both the increased volume of security compromises, as well as the increased uniquity of the computerization and digitization of sensitive processes and data. 

This progression has continued with FIPS 140-3, which makes more nuanced definition of cryptographic module types and makes more stringent demands on designing and maintaining digital systems further into their lifecycle as legacy systems pose future security threats. 


fips-logos-shadow.png

FIPS 140-3: Key Differences 

Whereas much of the FIPS rationale and the resulting standards have remained the same, there are key differences which have implications for the longevity of OEM devices, the types of algorithms and mechanisms that are accepted, and the terms and definitions used. These are drawn from other key pieces of the FIPS standard such as FIPS 197, FIPS 186-5, and others which define specific technical requirements and approved algorithms for FIPS compliance, certification, and validation. 

The following is a summary of the most important changes: 

  • Changes to accepted AES, DSS, and SHS methods: FIPS 140-3 requires manufacturers to utilize secure encryption algorithms, signatures, and security hashes that are more suitable for modern security challenges. Full details are available in the links above, but examples include deprecating or disallowing of new implementations of two-key and three-key TDEA, SKIP JACK, disallowing signatures with less than 112 bits of security strength, and legacy-use only for SHA1.
  • Redefinition of “Cryptographic Module” types: Where FIPS 140-2 recognized software, hardware, and hybrid as the three cryptographic module types, FIPS 140-3 makes finer distinctions. Cryptographic modules are now defined as hardware, firmware, software, hybrid-software, and hybrid-firmware to account for more nuanced differences. 
  • More emphasis on life cycle maintenance and end-of-life: Many devices that stay online past their maintenance cycle become vulnerable targets to be aggregated into botnets, to leak sensitive information, and more. FIPS 140-3 requires OEMs to more thoroughly document and implement obsolescence plans to keep legacy devices from becoming targets for bad actors. 
  • Better test definitions and test tool guidance: New test protocols are clearer and provide greater certainty of compliance, and new guidance advises and encourages automation protocols to further ensure the reliability and accuracy of this testing. 


icon-checkmark_0.png

Our 60 Series SOM – Providing an Entire Security Team on a Single Board

As you can imagine from the above terms and requirements, ensuring FIPS compliance, validation, and certification is not a simple task. It requires careful reading and accounting for the technical details, a long-term plan, thorough documentation of that plan and any exposures or discovered flaws, all adding up to months or years of development. 

This is the value that Ezurio provides to our customers with our FIPS-validated 60 Series SOM. For years, we’ve been providing a system on module with a FIPS 140-2-validated cryptography solution to customers in the most demanding markets.  For those working with patient data in medical, dealing with sensitive government requirements, or simply highly invested in security excellence, our 60 Series SOM has provided the backbone for countless demanding designs. 

Now, we step up to the next level as the world’s first FIPS 140-3 cryptographic solution on a system-on-module that includes Wi-Fi data-in-transit. Customers can leverage our meticulously engineered security architecture in their product designs, accelerating their route to enabling a FIPS 140-3 certified cryptographic module in their end product. As part of our comprehensive Summit Suite Security Solutions, our FIPS 140-3 validation takes advantage of our ground-up approach to cryptography.

Our work allows devices to operate on US Federal Government-controlled Wi-Fi infrastructure, with software builds pre-prepared to meet these stringent system requirements. It also enables the maximum compatibility possible with other Wi-Fi systems, offering WPA2 (Personal and Enterprise), WPA3 (Personal and Enterprise), and WPA3 Enterprise CNSA 192-bit mode. 

The best part for our customers? This means existing customers have a software upgrade path to FIPS 140-3 certification on the 60 Series SOM. Our FIPS 140-3 validation can be leveraged on existing end devices by updating to our FIPS 140-3 software package.

Ezurio is your connectivity expert, and your vision is our mission. Our 60 Series SOM is a piece of that mission, bringing an entire team of security experts to you right on a single piece of silicon. 

To learn more about the 60 Series SOM, please visit: 

https://www.ezurio.com/system-on-module/microchip/60-series-som-wifi-80211ac-and-bluetooth-51 

To learn more about our Summit Suite and FIPS Validation, please visit: 

https://www.ezurio.com/iot-software/summit-suite 


60 Som Render 333.png