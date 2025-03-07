Keeper Security Achieves FIPS 140-3 Validation, Adding to Extensive List of Industry-Leading Certifications

March 2025 by LA REDACTION DE GS MAG

Keeper Security announces its achievement of FIPS 140-3 validation of its cryptographic module. This milestone advances Keeper’s mission to not only meet, but exceed the latest federal security standards for securing sensitive government data.

FIPS 140-3 builds upon its predecessor, FIPS 140-2, with several key improvements, including:

• Stronger Security Requirements: Stronger protections against side-channel attacks, improved entropy requirements for random number generation and stricter module authentication.

• More Rigorous Testing and Certification: A more structured evaluation process to ensure cryptographic modules meet higher security assurance levels.

• Closer Alignment With International Standards: Harmonization with ISO/IEC 19790:2012 to improve global compatibility and recognition.

• Software Security Enhancements: Stricter requirements for software cryptographic modules, including runtime integrity checks and memory protection.

These enhancements bolster defenses against sophisticated cyber threats, providing critical assurance for federal agencies and enterprises dedicated to protecting their most valuable information.

Keeper Security is also a Federal Risk and Authorization Management Program (FedRAMP®) Authorized provider, meeting the Revision 5 security controls baseline. To receive FedRAMP Rev 5 Authorization, organizations must implement controls from 18 different control families that originate from the National Institute of Standards and Technology Special Publication 800-53. This accomplishment builds on Keeper’s announcement that it achieved FedRAMP Authorization at the Moderate Impact Level in August 2022, as well as StateRAMP Authorization in December 2022, continuously meeting and maintaining the strict requirements ever since. Additionally, Keeper holds a range of other cybersecurity certifications and compliance attestations including SOC 2 Type II and ISO 27001, 27017 and 27018.

KeeperPAM offers seamless infrastructure access through a secure vault. Simply log in with Multi-Factor Authentication (MFA) for one-click, passwordless access to servers, databases, web apps and SaaS platforms. Unlike legacy PAM solutions, KeeperPAM is zero-knowledge and zero-trust, meaning that Keeper never has access to your network, infrastructure or secrets. With a lightweight, containerized gateway, Keeper eliminates agents and on-prem complexity while providing full auditing, session logging and flexible access through UI, CLI or isolated web browsing. Keeper’s offerings include MFA for robust account security, comprehensive logging and auditing to detect and prevent threats and Single Sign-On (SSO) integration to streamline access management.

Keeper serves tens of thousands of business customers around the globe, including major federal agencies such as the Department of Justice, Department of Energy, Department of the Interior, United States Secret Service, Department of Transportation and National Aeronautics and Space Administration. With FIPS 140-3 validated solutions now available, organizations can improve their password and access management practices, significantly reducing their risk exposure. This achievement not only meets regulatory requirements but also reinforces Keeper’s role as a leader in the cybersecurity space.