FIPS 140 Government Certification: Why it matters

By submitting devices through the meticulous testing and thorough evaluation of FIPS 140-2/FIPS 140-3 Certification, Kanguru and iStorage demonstrates a serious commitment to organizations to help them secure their data in any environment, with first-class data encryption that meets the highest standard.

Select Kanguru Defender® secure products, the Defender 3000, Defender Elite300, Defender SSD/HDD350 and Defender SED300 have achieved FIPS 140-2 Certification. Similarly, several of iStorage’s hardware-encrypted, PIN-protected devices have been certified for FIPS 140-2. As the industry benchmark moves toward FIPS 140-3, the iStorage datAshur PRO+C and datAshur PRO+A, are the first USB flash drives to have achieved the landmark FIPS 140-3, Level 3 validation in December 2024. Additionally, the iStorage datAshur PRO2, diskAshur3, diskAshur DT3, diskAshur M2, and diskAshur PRO3 feature a secure microprocessor with Common Criteria EAL5+ (Hardware Certified), delivering top-tier government certifications and unmatched security for your organization.

The Kanguru Defender 3000 is in process for FIPS 140-3 Level 3 certification which will replace the current FIPS 140-2 Level 3 certification. The current Kanguru Defender portfolio is built upon the framework of the predecessor models of Defender devices and remote management which achieved Common Criteria EAL2+ certification under the German government security agency, BSI.

FIPS 140-2

FIPS 140-2, or Federal Information Processing Standard 140-2 establishes stringent security requirements for cryptographic modules.  It is overseen by CMVP (Cryptographic Module Validation Program) a joint effort between the U.S. National Institute of Standards and Technology (NIST) and Canada’s Communications Security Establishment (CSE).  CMVP ensures consistent security standards across government and commercial organizations in both countries.

The FIPS 140 series, which is no longer accepting new certifications, included four escalating levels of security (levels 1-4) each addressing a progressively rigorous set of criteria. These criteria span areas such as cryptographic algorithms, physical security measures, module interfaces, basic design, and comprehensive documentation. Each level ensures higher standards of testing and security depending on the needs of the user. FIPS standards are reviewed every five years by NIST. The National Institute of Standards and Technology and have been widely adopted internationally by governments, institutions, and businesses requiring trusted security solutions.

FIPS 140-3

In September 2020, FIPS 140-3 became the most current standard with active module testing, building on the foundation of FIPS 140-2 by introducing updated methodologies, improved testing processes, and stronger security measures, particularly for Level 3. This level emphasizes robust physical security, authentication mechanisms, and tamper resistance, ensuring cryptographic modules provide reliable protection against increasingly sophisticated threats.

In December 2024 iStorage achieved FIPS 140-3, Level 3 certification for the datAshur PRO+C and the datAshur PRO+A, becoming the vendor with the first hardware encrypted USB flash drives to achieve this prestigious validation worldwide.

Kanguru and iStorage, Leaders in FIPS-Certified Security

By meeting the rigorous requirements of both FIPS 140-2 and FIPS 140-3, iStorage/Kanguru demonstrates a steadfast commitment to delivering trusted security solutions. The combined companies have achieved certifications at the highest levels of FIPS standards, ensuring Government / Public Sector, and Commercial customers can confidently rely on these security products.

Achieving FIPS 140-3 and FIPS 140-2 Certification ensures military-grade hardware encryption, brute-force protection, and superior performance. Unlike software-based encryption methods, Kanguru's Defender Series, and iStorage datAshur and diskAshur products integrate encryption directly into the hardware, eliminating the need for software installation and simplifying use for customers.

Looking forward, Kanguru recognizes the importance of FIPS 140-3 certification. This updated standard enhances security assurance through stricter evaluation and testing, ensuring devices are well-equipped to protect
data against modern threats. Kanguru continues to innovate, designing products that exceed expectations for robust security and ease of use.

With the enormous costs and ramifications associated with a data security breach, government and regulatory organizations have cracked down on financial corporations, medical institutions, and businesses alike, holding them accountable for maintaining, structuring and managing security of all sensitive data.  Regulatory Acts such as GDPR, Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA are just a few of the stringent regulations keeping organization’s “feet to the fire” so to speak.  Violating or breaching these Acts comes with some very stiff penalties.  Companies dealing with highly-sensitive or personal data must adhere and comply with these regulatory standards.  Kanguru ensures that their products adhere to the highest of standards in order to assist companies and organizations to hold fast to these regulations.

Customers can be confident that Kanguru FIPS evaluated products meet the toughest and most demanding regulatory data security standards in the industry, providing the strongest option available for compliance. These accreditations ensure that data is safe.

Kanguru demonstrates its global commitment to excellence, and its pledge to deliver the best in trusted data security products for clients.

Additional certifications and regional, security reviews:

• Common Criteria Certified Microprocessor (EAL5+)
• NATO
• NCSC CPA (UK)
• NLNCSA (Netherlands)
• BZD (Germany)
• BSI – Common Criteria (Historical list)