The Geomys logo, an ink outline of a quaint Italian town on the side of a mountain.

Geomys handles the CMVP validation of the FIPS 140-3 Go Cryptographic Module, and contributes the module to the upstream Go project, for the benefit of the Go community.

The FIPS 140-3 Go Cryptographic Module is distributed as part of the upstream Go toolchain, where it is seamlessly integrated with the cryptography packages of the Go standard library, and it is replacing the legacy Go+BoringCrypto mode. All FIPS 140-3 approved algorithms in the standard library are implemented by the module, including post-quantum key exchange algorithm ML-KEM, and the module is tested on a wide range of platforms.

Geomys ensures the ongoing support and maintenance of the FIPS 140-3 Go Cryptographic Module, including at least one validation per year of the latest updates to the standard library cryptographic packages, to comply with new requirements and integrate new features and performance improvements, and validations of security fixes as needed for supported versions of the module in response to any vulnerabilities or CVEs that can’t be effectively mitigated with a regular Go version update.

Geomys provides additional commercial services in support of the certification and compliance requirements of Go enterprises, including multiple Fortune 100 companies.

The FIPS 140-3 logo.

Enterprise Package

As part of this retainer package, we offer a suite of services that provide a comprehensive and non-disruptive solution to the FIPS 140-3 requirements of Go deployments.

* Inclusion of additional tested Operating Environments and attestations explicitly covering the customer’s products rather than the FIPS 140-3 Go Cryptographic Module may be extra depending on the circumstances.

We offer these services exclusively as a time-based retainer to better match the ongoing nature of compliance requirements, and to ensure customers aren’t left behind on unsupported or vulnerable versions of the FIPS 140-3 Go Cryptographic Module.

$80,000/year

We work with your procurement process. Email us at fips140@geomys.org.

Essential Package

This lightweight and cost-effective offering provides all the information necessary to effectively integrate the upstream FIPS 140-3 Go Cryptographic Module in your development cycle, with supporting material to answer the questions of customers and auditors.

$800/month or $9,600 $8,640/year
(self-service credit card, direct debit, or bank transfer)

$10,000/year
(quote / PO / invoice via fips140@geomys.org)