FIPS testing finds numerous crypto errors

About half of the cryptographic modules submitted for Federal Information Processing Standard validation have security flaws, a National Institute of Standards and Technology survey has found.

Almost all the evaluated products had documentation errors, said Annabelle Lee, director of NIST's Cryptographic Module Validation Program. Speaking recently at the Federal Information Assurance Conference at the University of Maryland, Lee said 80 of 164 crypto modules evaluated had flaws involving physical security, random number generation or key management. Of 332 algorithms validated, 88 had security flaws, and about two-thirds had documentation errors.

Federal organizations are required to use FIPS-compliant crypto products for sensitive but unclassified data.

About the Author

William Jackson is a Maryland-based freelance writer.


  • senior center (vuqarali/

    Bmore Responsive: Home-grown emergency response coordination

    Working with the local Code for America brigade, Baltimore’s Health Department built a new contact management system that saves hundreds of hours when checking in on senior care centers during emergencies.

  • man checking phone in the dark (Maridav/

    AI-based ‘listening’ helps VA monitor vets’ mental health

    To better monitor veterans’ mental health, especially during the pandemic, the Department of Veterans Affairs is relying on data and artificial intelligence-based analytics.

Stay Connected