FIPS Standards Hub What is included

Layer one is the algorithm layer. It includes AES, secure hash, digital signatures, and post-quantum primitives. These documents tell you what the primitive is and what algorithm-level requirements apply.

Layer two is the module layer. FIPS 140-3 defines security requirements for cryptographic modules, and the CMVP validates modules against those requirements through labs, test evidence, and Security Policies.

This hub includes FIPS 140-3, the CMVP program context, and the implementation-guidance layer that affects how real submissions are scoped and tested.

That means you can use the hub to understand boundary, approved mode, services, self-tests, and the supporting SP 800-140 family used in the CMVP ecosystem.

The hub includes the FIPS crypto standards most commonly referenced in product security, validation, and procurement work.

Treat this as an implementation set: it helps you choose algorithms, set safe defaults, and create evidence-backed decisions.

The hub also points to the cryptographic NIST SP ecosystem that makes the FIPS documents usable in practice. Those publications include the SP 800-140 family for CMVP use, SP 800-175B for applying cryptographic standards, SP 800-89 for signature-assurance methods, SP 800-208 for stateful hash-based signatures, and SP 800-227 for KEM guidance.

These are not replacements for the FIPS standards. They are the companion guidance that helps teams implement, validate, and defend decisions.

This hub is designed as a workflow. If you follow it, you should end up with a crypto inventory, a list of allowed algorithms and parameters, an approved-mode story where relevant, and an evidence pack that makes audits and procurement responses predictable.

Use the comparison pages to reduce program confusion: FIPS versus NIST SP and FIPS versus Common Criteria.