By Corey Clements

As a certified third-party assessment organization (3PAO), SecureIT has wide-ranging experience with the issues and challenges that cloud service providers (CSPs) encounter as they prepare for FedRAMP assessments. One area that generates lots of questions is FIPS 140-2 validated encryption.

FIPS 140-2 stands for Federal Information Processing Standard 140-2, a security standard for cryptographic modules issued by the National Institute of Standards and Technology (NIST). CSPs providing technology solutions to Federal agencies must demonstrate compliance with FedRAMP requirements for FIPS 140-2 validated encryption modules in order to achieve and maintain FedRAMP authorization.


SecureIT has recently completed two FedRAMP Tech Bulletins on FIPS 140-2 validation to educate and provide guidance for CSPs preparing for a FedRAMP assessment:

  • “FedRAMP Insights: FIPS 140-2 Validation Q&A” (ready now)
  • “FedRAMP Insights: FIPS 140-2 Validation Examples” (coming soon)

These bulletins provide background information, FAQs with detailed explanations, and step-by-step examples to illustrate how CSPs can demonstrate compliance with FedRAMP requirements for FIPS 140-2. Understanding the scope of effort for this critical component of FedRAMP authorization is key for effective planning and execution of your compliance efforts.


Partnering with an accredited FedRAMP 3PAO that provides compliance and audit experience targeted to the needs of your business will help you achieve FedRAMP authorization in less time, at lower cost, and with fewer mistakes. Please contact us to learn more about our FedRAMP Advisory and Assessment services.