NIST's CMVP Official FIPS 140-2 / 140-3 Conversion Date:

FIPS 140-2 Compliant Today,
FIPS 140-3 Compliant Tomorrow.

If you’re currently standardized on an Apricorn encrypted external drive that is FIPS 140-2 validated, rest assured that the device you’re now using will remain in compliance with the federal standards set forth by NIST’s Cryptographic Module Validation Program (CMVP) through FIPS 140-2’s official sunset date of Sept 21, 2026, and beyond. When the time comes that the new FIPS 140-3 standard officially supplants FIPS 140-2, the Apricorn product you’re already using will be updated to conform to the next FIPS standard, eliminating the need to change your existing use cases or standardize on a new product / part number.

Apricorn’s FIPS 140-3 compliance process is presently well underway for all existing Aegis FIPS validated products.

If you’re not sure of when you should start to standardize on FIPS 140-3, here’s the statement from NIST's CMVP for existing and future FIPS 140 compliance:

Applicability of Validated Modules

Modules validated as conforming to FIPS 140-2 will continue to be accepted by the Federal agencies of both countries for the protection of sensitive information (United States) or Designated Information (Canada) through September 21, 2026. After that time CMVP will place the FIPS 140-2 validated modules on the Historical list, allowing agencies to continue using these modules for existing systems only. Agencies should continue to make use of FIPS 140-2 modules until replacement FIPS 140-3 modules become available.

When Apricorn began developing encrypted drives to comply with FIPS 140-2 standards more than 16 years ago, we took the approach of surpassing the security regulations set forth by NIST and creating something that was above and beyond the minimum federal standards. Features such as:

• Elimination of factory preset pins (Forced Enrollment™)
• 8-digit PIN lengths (variable PIN lengths)
• Electronic self-testing at both startup and on demand

These are just a few of the Apricorn security features that have been part of our production offerings long before
FIPS 140-3 mandated them. 

This same above-and-beyond approach will continue in our 140-3 validated product line as well.