“…FIPS 140 is a US Government standard that defines a minimum set of the security requirements for products that implement cryptography. This standard is designed for cryptographic modules that used to sensitive but unclassified information.
Testing against the FIPS 140 standard is maintained by the Cryptographic Module Validation Program (CMVP), a joint effort between the National Institute of Standards (NIST) and the Communications Security Establishment of Canada (CSEC).
The current standard defines four-levels of increasing security, 1 thru 4. Most software products (including all Microsoft products) are tested against the Level 1 security requirements…”
To learn more about FIPS 140 standards and how Microsoft works within that framework, check out:
Thomas W Shinder MD, MCSE, MVP