FIPS Frequently Asked Questions and Resources

Welcome to our FIPS FAQ and Resources Page.

Frequently Asked Questions

General Questions

  1. Q 1. How to do I join the early access program?
    In general the best way to join is by getting a support contract, if you are specifically interested in a particular release, early access is also provided to people donating 10000 USD or more to sponsor the release. Sponsors are also provided with bragging rights if they want them.

  2. Q 2. What extras do I get with the early access program?
    Apart from access to the latest source of the FIPS API as it evolves and the right to use it, you also get access to the full source for both the CAVP and operations test harnesses, the original documentation, and some various other tools we have found useful.

  3. Q 3. We want to do a private validation of some, or all, of the APIs, what do we do?
    You will need a support contract and to pay a rebrand fee. This will give you an authority letter for NIST granting permission to do the rebrand, access to consulting time for any issues you might have, as well as all the features of the early access program. Speak to your lab, if you don't have a lab already, or are unsure what to do next, read on.

  4. Q 4. When we told our developers about our plans to do a certification, they disappeared into the server room and didn't come out! We think they're hiding under the floor, is there anyone who can help?
    Yes, see our list of FIPS consultants. After you have selected one, the news you are getting some help, plus the smell of freshly brewed coffee is normally enough to get people back into the light.

  5. Q 5. Our developers are already experienced but we do not have an existing relationship with a testing lab, are there any you have worked with?
    Yes, see our list of FIPS accredited testing labs.

  6. Q 6. So you really are funding this effort with a mixture of support contracts, donations, and sponsorships?
    Yep. We're a legion and diversity is strength!

  7. Q 7. Are there any other compelling reasons for getting a support contract?
    As it happens there are. We have found two things that distinguish our support contract holders from our regular user base. Developers with access to a support contract are more likely to raise an issue with us early rather than try and muddle through, and developers with access to a support contract also take a more active interest in the beta releases, both FIPS and non-FIPS. The second one is useful as it means any issues or shortfalls in the beta are able to be fixed while the updates are still in beta. The first one is a real cost saver as it does not lead to us receiving emails starting with "Our development team has spent (some number of) weeks trying to work out..." It is much cheaper to have a support contract!

  8. Q 8. I am still not quite there with the support contract, can I still report an issue?
    Sure. Please comtact us on We can also provide a PGP key if you believe the issue is a security concern or otherwise requires it.

Java Related Questions

  1. Q 1. Where can I find the Bouncy Castle FIPS certified APIs for Java?
    The current and previous Java FIPS releases are at

  2. Q 2. What JVMs are the APIs currently certified for?
    The current APIs are certified for Java 1.7, Java 1.8, and Java 1.11.

  3. Q 3. Are there any versions for Android?
    FIPS on Android is a little complex - the FIPS module needs to be installed on the device in order for all the start up tests to be run correctly. Based on the widely respected "org.spongycastle" trick, we have actual FIPS modules in the package "org.stripycastle" for Lollipop, Marshmallow, Nougat, and Oreo.

    We also have an "org.spongycastle" packaging with some start up tests disabled that can used in an application. Note: this last one is FIPS derived not FIPS compliant.

    The Android releases are currently only available under the early access program.

  4. Q 4. Is there a roadmap for future Java releases?
    Yes, you can find some more details on our Java FIPS roadmap page.

C# .NET Related Questions

  1. Q 1. Where can I find the Bouncy Castle FIPS certified APIs for C# .NET?
    The current and previous C# .NET FIPS releases are at

  2. Q 2. What Common Language Runtime (CLR) are APIs for C# .NET targeted at?
    The base CLR for the C# .NET FIPS is CLR 4.

  3. Q 3. Is there a road map for future C# .NET releases?
    Yes, you can find some more details on our C# .NET FIPS roadmap page.

FIPS Consultants and Accredited Labs

This is the current list of people/organisations we've worked with at some level. The main thing they have in common is they've shown the sensibility (and even humor) required to work with an Open Source effort like Bouncy Castle and regimes like that of FIPS 140-2 and Common Criteria.

If you are trying to work out the ordering, the list is alphabetical. If you would like to be on the list and you are not, contact us at Putting the list together proved trickier than we thought, we apologize in advance if we've left someone off who should be on it.

FIPS Consultants

Corsec Security, Inc.

Contact: Jake Nelson

Corsec Security, Inc.
13921 Park Center Rd #460,
Herndon, VA 20171
United States of America

KeyPair Consulting

Contact: Mark Minnoch

KeyPair Consulting
987 Osos Street
San Luis Obispo, CA 93401
United States of America

Symbiotic Systems Research

Contact: Randall Steck

Symbiotic Systems Research
5618 Bloomfield Drive, Suite #1
Alexandria, VA 22312
United States of America

FIPS Accredited Labs

Acumen Security

Contact: Josh Kolstad

Laboratory Manager,
Acumen Security
18504 Office Park Dr
Montgomery Village, MD 20886
United States of America


Contact: Eugene Polulyakh

Laboratory Director
1933 O'Toole Way
San Jose, CA 95131
United States of America


Contact: Travis Spann

Laboratory Director
415 Fairchild Dr.
Mountain View, CA. 94043
United States of America

Lightship Security, Inc.

Contact: Jason Lawlor

Lightship Security
302 - 135 Rideau Street,
Ottawa, ON K1N 5X4


Contact: Gerrit Kruitbosch

UL - InfoGard Laboratories
709 Fiero Lane, Suite 25
San Luis Obispo, CA 93401
United States of America