#USA #Chicago #Cybersecurity #Keeper Security #FIPS 140-3

Keeper Security Achieves FIPS 140-3 Validation

In a significant milestone for cybersecurity, Keeper Security, a preeminent provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software, has successfully obtained FIPS 140-3 validation for its cryptographic module. This achievement, announced on March 6, 2025, marks another step forward in Keeper's dedication to protecting sensitive data for federal agencies and enterprises amidst a growing array of cyber threats.

What is FIPS 140-3?

FIPS 140-3, an update from its predecessor FIPS 140-2, introduces stricter security requirements to ensure the integrity and protection of sensitive government data. Key advancements in this new standard include:

• - Stronger Security Requirements: The validation ensures enhanced defenses against side-channel attacks, as well as improved entropy for random number generation and rigorous module authentication processes.
• - More Rigorous Testing and Certification: The evaluation process is now more structured, ensuring cryptographic modules conform to heightened security assurance levels.
• - International Standards Alignment: There is a greater harmonization with global standards, specifically ISO/IEC 19790:2012, which enhances compatibility and recognition worldwide.
• - Software Security Enhancements: New requirements for software-based cryptographic modules, including runtime integrity checks and improved memory protection, further strengthen security.

These enhancements fortify defenses against a wide range of sophisticated cyber threats, providing vital assurance for organizations committed to safeguarding their most critical assets.

A Comprehensive Security Approach

In addition to achieving FIPS 140-3 validation, Keeper Security is also a Federal Risk and Authorization Management Program (FedRAMP®) Authorized provider. Meeting the stringent Revision 5 security controls baseline exemplifies Keeper's ongoing commitment to top-tier cybersecurity. To achieve FedRAMP Rev 5 Authorization, organizations are required to implement controls from 18 distinct areas defined by the National Institute of Standards and Technology (NIST) Special Publication 800-53.

Notably, Keeper attained FedRAMP Authorization at the Moderate Impact Level in August 2022, and subsequently achieved StateRAMP Authorization in December 2022. This consistency in meeting and maintaining strict regulatory requirements showcases Keeper's relentless pursuit of excellence in cybersecurity.

Keeper Security also holds various certifications and compliance attestations including SOC 2 Type II and ISO certifications (27001, 27017, and 27018). Current trends in cybersecurity indicate an increasing necessity for organizations to adopt solid data protection measures amidst rising vulnerability across sectors.

Insights from Leadership

Patrick Tiquet, VP of Security and Compliance at Keeper Security, emphasized the importance of this validation, stating, "Achieving FIPS 140-3 validation reinforces Keeper's unwavering commitment to delivering the highest levels of security and compliance for our customers. This milestone demonstrates that our cryptographic module meets the most rigorous federal standards, ensuring that government agencies, enterprises, and other security-conscious organizations can trust Keeper to protect their most sensitive data."

Darren Guccione, CEO and Co-founder of Keeper Security, further elaborated, "As organizations face increasingly sophisticated cyber threats, our validated solutions empower them to effectively protect critical data while ensuring compliance with federal mandates."

Strengthening Federal Cybersecurity

With its FIPS 140-3 validated solutions, Keeper Security is affirming its reputation as a trusted provider in the cybersecurity domain. The company serves numerous clients, including notable federal agencies such as the Department of Justice, Department of Energy, and NASA, providing them with robust password and access management solutions.

KeeperPAM, the platform's core service, offers secure infrastructure access via a secure vault. By integrating Multi-Factor Authentication (MFA), KeeperPAM provides users with seamless one-click, passwordless access to servers, databases, web applications, and SaaS platforms. Unlike traditional PAM solutions, Keeper's approach is zero-knowledge and zero-trust, ensuring that sensitive information remains inaccessible to anyone outside the user's network.

This recent validation not only meets regulatory standards but solidifies Keeper's standing as a leader in the cybersecurity arena, enabling organizations to enhance their security posture effectively.

For detailed information regarding Keeper Security's FIPS 140-3 validated solutions and how they can elevate your organization's cybersecurity efforts, please visit www.KeeperSecurity.com.

About Keeper Security

Keeper Security is at the forefront of transforming cybersecurity for millions of individuals and countless organizations across the globe. With robust end-to-end encryption, Keeper's user-friendly cybersecurity platform is trusted by Fortune 100 companies to safeguard their data on every device, in every location. By integrating identity and access management components into a singular cloud-based solution, Keeper offers unmatched visibility, security, and compliance, providing organizations with comprehensive tools to defend against contemporary cyber threats.