Overview
FIPS 140-3 (Federal Information Processing Standard 140-3) is a cryptographic module validation standard published by NIST (National Institute of Standards and Technology). It certifies that a software module’s cryptographic implementations — encryption algorithms, key generation, hashing, and random number generation — meet federal security requirements for protecting sensitive information. FIPS 140-3 is the current version of the standard, superseding FIPS 140-2. The Maverics Orchestrator will offer FIPS-compliant builds that use a FIPS 140-3 validated cryptographic module, ensuring that all cryptographic operations meet federal standards.
Current Status
The cryptographic module used by the Maverics Orchestrator is currently under review by NIST CMVP for FIPS 140-3 validation. FIPS-compliant builds are expected to be available in 2026.
Who Needs FIPS 140-3
FIPS 140-3 compliant cryptography is typically required by:
- Federal and government agencies — Required by FISMA (Federal Information Security Modernization Act) for all federal information systems
- Defense contractors — Organizations handling classified or sensitive government data under contracts that mandate FIPS-validated cryptographic modules
- Healthcare organizations — Those handling CUI (Controlled Unclassified Information) under NIST SP 800-171 requirements
- Financial institutions — Organizations with specific regulatory requirements mandating FIPS-validated cryptography for data protection
Feature Parity
FIPS-compliant builds of the Orchestrator have a reduced feature set compared to standard builds. Certain features may be unavailable or limited because FIPS compliance restricts the Orchestrator to using only the validated module’s approved cryptographic algorithms. Features that depend on non-FIPS-validated cryptographic operations are excluded from FIPS-compliant builds.
Recommendation
Unless your organization specifically requires FIPS 140-3 compliant cryptography, use the standard Orchestrator builds for the most complete feature set. The standard builds include the same security best practices — TLS encryption, secure key management, and strong cryptographic defaults — without the algorithm restrictions imposed by FIPS compliance requirements.
Contact
If you need FIPS-compliant builds or have questions about compliance requirements, contact your Strata account representative or reach out to sales@strata.io.
Related Pages
Experimental Features
Overview of all experimental features and important caveats
Security and Compliance
Compliance frameworks and audit logging
Installation
Orchestrator installation and build options