Steve Ratcliffe, TME, Cisco Systems The majority of systems tested in the past have one cryptographic module. However more and more systems are operating with more than one crypto module. Complex systems might use a dedicated hardware crypto module for accelerating its physical cryptography and another crypto module for other services in software. How can a system with more than one crypto module be FIPS 140-2 validated when the crypto modules are operating independently of each other, such as a server running its own crypto module with an extra virtual crypto module inside? Or how about a system with two independent crypto modules with no functionality shared between the modules? Can you validate two or more crypto modules independently and let the user combine them in one system? Can two crypto modules be validated together yet operate independently? We’ll explore the problems and potential solutions for validating systems with embedded crypto modules.