The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2) is a United States government computer security standard that is used to accredit cryptographic modules. The publication is entitled Security Requirements for Cryptographic Modules and was initially published on May 25, 2001, with most recent updating on Dec. 3, 2002.
The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate requirements and standards for cryptography modules for both hardware and software components. Federal agencies and departments can validate whether a module, termed a Hardware Security Module, is covered by an existing FIPS 140-1 or FIPS 140-2 certificate which specifies module name, hardware, software, firmware, and/or applet version numbers. Cryptographic modules are produced by the private sector or open source communities for use by the U.S. government and other regulated industries, including financial and health-care institutions, that collect, store, transfer, share, and disseminate sensitive but unclassified (SBU) information.
Security programs regulated by NIST address government and industry cooperation to establish secure systems and networks by developing, managing and promoting security assessment tools, techniques, and services, and supporting programs for testing, evaluation and validation. Applicability extends to development and maintenance of security metrics; security evaluation criteria and evaluation methodologies; tests and test methods; security-specific criteria for laboratory accreditation; guidance on the use of evaluated and tested products; research to address assurance methods and system-wide security and assessment methodologies; security protocol validation activities; and appropriate coordination with assessment-related activities of voluntary industry standards bodies and other assessment regimes.    Annex C of FIPS 140-2 specifies Approved Random Number Generators.