Axis provides FIPS 140 protection for millions of deployed products

Future-proof, software-based protection 

AXIS OS 12.4 includes the NIST (National Institute of Standards and Technology) approved Axis Cryptographic Module, with FIPS 140-2 Level 1 certification to ensure only approved, high-security cryptographic algorithms are used to secure HTTPS, IEEE 802.1X, IEEE 802.1AE MACsec, and other TLS-based connections in the future. This cryptographic module underwent testing according to the standard and is officially listed on  NIST Cryptographic Module Validation Program (CVMP).  

AXIS OS 12.4 is available for more than 150 product models and tens of millions of deployed Axis products, including cameras, intercoms, access control devices, and speakers. It enables these devices to be updated to meet the base cryptographic requirements for FIPS 140-2. Customers can download AXIS OS 12.4 and benefit from it for free. With the release of AXIS OS 12.4, FIPS 140-2 compliance will no longer be limited to next generation of Axis Q-line portfolio. Moving forward, the entire Axis portfolio will benefit from this future-proof software that ensures the base level of FIPS 140-2 certification while also delivering high standards for cybersecurity, quality, and long-term value.  

Standardized framework for greater security and reliability 

FIPS 140 are widely recognized as state-of-the-art security standards for US and Canadian federal agencies and consequently serve as a purchasing guideline across the private sector. There are currently two versions of FIPS 140, and each one specifies the security requirements of the hardware and software modules needed to ensure the confidentiality and integrity of data. 

FIPS 140-2 specifies enhanced requirements for algorithm validation and physical security. FIPS 140-3 modernizes the standard to reflect advancements in cryptography.*  

In addition, FIPS 140 standards are categorized by four security levels covering different applications and environments. Each level adds more stringent requirements. 

• Level 1: This is the entry level of the FIPS 140 standards and covers requirements such as only using approved cryptographic algorithms. AXIS OS 12.4 includes a FIPS 140-2 Level 1 certified Axis Cryptographic Module to meet the requirements.
• Level 2: Introduces physical security protection and authentication requirements when processing cryptographic operations and secure key storage.
• Level 3: Requires more sophisticated anti-tampering detection, intrusion response, and identity-based access. Often incorporated in various IoT devices, this is also the highest certified level for Axis devices. For instance, AXIS Q1809-LE Bullet Camera, launched in July 2024, is the first FIPS 140-3 Level 3 compliant Axis device with a FIPS 140-3 Level 3 certified hardware cryptographic computing module inside. Read more.
• Level 4: Demands the highest level of physical protection and stringent multi-factor authentication. This level is required in military and mission-critical applications. 

Protection throughout the device lifecycle  

Axis is committed to complying with industry standards and, as part of a multi-layer strategy, continues to invest in a portfolio equipped with high-performance cryptographic computing modules. When it comes to cybersecurity, Axis provides protection throughout the device lifecycle, from product design and production to beyond the point of purchase. Through AXIS OS updates, customers can be confident that their devices are future-proof and meet long-term cybersecurity requirements, such as FIPS 140 compliance.

* By the time FIPS 140-2 Level 1 becomes ineffective in September 2026, Axis plans to have updated the module and its certification to FIPS 140-3 Level 1. This update will be available for customers through AXIS OS software releases.