Hotline: 1-866-986-BYOD
Support FIPS 140-2 requirements
FIPS 140-2 is a U.S./Canada standard that defines security requirements for cryptographic modules used to protect sensitive data. Modules are validated under the CMVP program at security levels 1–4 and are widely required by government and regulated industries. (Note: FIPS 140-3 is the successor standard and is now in effect.)
Download FIPS endpoint checklist (PDF)
Reference: NIST FIPS 140-2 and CMVP program documentation.
What FIPS 140-2 covers
FIPS 140-2 specifies requirements for cryptographic modules, with evaluation across areas like roles & services, key management, physical security, self-tests, and design assurance. Modules receive an overall level based on individual area ratings.
Key points:
- CMVP validation: Modules must be validated by accredited labs under the Cryptographic Module Validation Program (CMVP).
- Approved algorithms: Deploy cipher suites using approved algorithms as specified by FIPS and related annexes.
- Transition to 140-3: 140-3 replaces 140-2; many agencies accept 140-2 during the overlap while moving to 140-3.
How Codeproof helps you align with FIPS
Note: FIPS compliance requires using validated crypto modules in the underlying OS/application stack. Codeproof supports deployment and governance controls that help you enforce these requirements across devices. Your organization is responsible for selecting FIPS-validated modules and maintaining overall compliance.
- OS-level crypto posture: Enforce device encryption and policies that require OS features (e.g., FileVault/BitLocker/Wrapping keys) configured to use FIPS-approved crypto where available.
- Certificate & key lifecycle: Push certificates, install trusted roots/intermediates, and rotate keys at scale; restrict weak protocols/ciphers via managed configs.
- App allowlists: Allow only vetted apps/containers that leverage FIPS-validated crypto modules; block non-compliant apps.
- Network protections: Configure Wi-Fi, VPN, and per-app VPN with approved cipher suites; require TLS with strong parameters.
- Device integrity: Detect jailbreak/root, posture drift, and take automated remediation actions (quarantine, selective wipe).
- Audit readiness: Export device inventory, configuration states, change history, and compliance reports for auditors.
Related: iOS MDM · macOS MDM · Windows MDM · Android MDM
FIPS FAQs
Is Codeproof itself FIPS validated?
What’s the difference between 140-2 and 140-3?
How do we prove use of approved algorithms?
Does device encryption alone satisfy FIPS?
"Throughout my experience with Codeproof, it has worked flawlessly. Even more importantly, Codeproof support is unrivaled."
Working with Codeproof has been a relief, it allows our company to have control over software and devices and visibility to ensure our employees have the proper equipment to do their job each and every day.
We didn’t make a single compromise to get the protection we wanted and needed.
We have site phones that we need locked and tracked. We have recovered lost or stolen phones...and pushed new apps remotely.
The Codeproof platform not only assists in fleet management, it has made retrieving company property far more reliable.
Customer support is always accessible, and the team consistently goes out of their way to ensure the MDM platform meets all of our needs.
Codeproof had the right balance of easy individual device configuration and group-level settings, as well as an excellent support team and willingness to add new features to meet our needs, all at a competitive price.
Having our employees work in remote locations, Codeproof has really helped us manage our devices...They are very helpful and detailed when explaining thing.
Codeproof has made device management much easier than some larger MDM solutions. From the beginning of our trial Console, up to the present, we were able to easily contact the development team at Codeproof with any ideas for improvements.
With Codeproof, the first thing I noticed is that the UI is much more intuitive and simpler to navigate. I feel like there are as many, if not more, features available to me in Code Proof but they are a little easier to find.
Foundation is so grateful for the partnership with Codeproof and their willingness to support students and families in need of literacy resources. While our technical needs are likely less than that of other companies, we have found great value in the Codeproof product.
Codeproof has great customer support. If there is an issue, or if we need assistance with anything, they are very quick to respond and lend a hand.
Terrapin Pharmacy’s Executive Management and Technology Developers would be extremely likely to recommend Codeproof to others based upon the interactions we have had with the Codeproof team and the can-do culture within their organization.
Codeproof is a very comprehensive MDM product. We received great service at all times from their technicians when we had issues. They are continually working on improving the product with feedback from customers like us, so we can have better control of our remote equipment.
[An] upbeat, well-organized, and helpful company. Codeproof provided superior customer support during a time of uncertainty.
Codeproof has been an asset in maintaining security, control and reducing liability of our mobile devices by allowing us blanketed control of our mobile fleet at all times regardless of day and location. It will continue to be the foundation for our mobile security for now and the future. Their security options and scalability is priceless.
I chose Codeproof over other players in the market because it's simple and customizable dashboard caters to the needs of my business. Codeproof tries to find solutions and treats you as partners rather than just a customer.
I chose Codeproof for our internal MDM solutions over other options because the case study and utilization of the system were very understandable. It decreased our potential costs related to device investments while increasing device security and reducing operational costs.
