Federal Information Processing Standard 140-2 (FIPS 140-2) is entitled "Security Requirements for Cryptographic Modules." It's a standard that describes government requirements that hardware and software products should meet for Sensitive but Unclassified (SBU) use. The standard was published by the National Institute of Standards and Technology (NIST), has been adopted by the Canadian government's Communications Security Establishment (CSE), and is being adopted by the financial community through the American National Standards Institute (ANSI).

"The [FIPS 140-2] standard specifies the security requirements that are to be satisfied by a cryptographic module utilized within a security system protecting unclassified information within computer and telecommunication systems (including voice systems). The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/ electromagnetic compatibility (EMI/EMC), and self-testing."