FIPS 140-3 and Semtech AirLink Routers

By Semtech
FIPS 140-3 and Semtech AirLink Routers

If you deploy Semtech AirLink routers in government, public safety, or any environment that requires federal cryptographic compliance, there is an important deadline on the horizon. On September 21, 2026, NIST will officially move all FIPS 140-2 validations to historical status as part of its broader cryptographic modernization effort. This marks the formal transition to FIPS 140-3, the updated federal standard for cryptographic modules.

Semtech has published a solution bulletin outlining exactly which AirLink products will receive FIPS 140-3 support and which will not. Here is what you need to know, what it means for your existing deployments, and how to plan ahead.

What Is Happening with FIPS 140-2?

FIPS 140 is the federal standard that governs how cryptographic modules (the encryption engines inside your routers, VPN appliances, and other network hardware) are validated and approved for use in government and regulated environments. FIPS 140-2 has been the benchmark since 2001. Its successor, FIPS 140-3, was approved in 2019 and introduces updated security requirements aligned with current international standards and modern threat landscapes.

When NIST moves FIPS 140-2 to historical status on September 21, 2026, it does not mean those modules stop working or that their validation certificates are revoked. Your existing FIPS 140-2 validated equipment will continue to function normally. What changes is how federal agencies approach new procurements and new deployments. Going forward, FIPS 140-3 validation will increasingly be required for any new federal project. Agencies may also conduct risk-based assessments to determine whether continued use of historical modules is appropriate for their specific deployment context.

Semtech will pursue FIPS 140-3 compliance for its AirLink OS-based router portfolio. The following routers will receive FIPS 140-3 support:

  • AirLink RX55
  • AirLink RX400
  • AirLink EX400
  • AirLink XR60
  • AirLink XR80
  • AirLink XR90

The FIPS 140-3 compliant cryptographic module will be delivered in AirLink OS 6.1, which Semtech is targeting for release in June 2026. If you are already running one of these routers, upgrading to AirLink OS 6.1 when it becomes available will be your path to FIPS 140-3 compliance. This is significant because it means existing hardware investments in these platforms are protected. You do not need to replace the router, just update the firmware.

For those following the AirLink OS roadmap, this lines up with what Semtech signaled in the AirLink OS 6.0 release, where many capabilities introduced for the EX400 and RX400 were described as setting the stage for broader platform features in 6.1.

Semtech has confirmed it will not pursue FIPS 140-3 compliance for several products, including:

  • AirLink Connection Manager (ACM) – all current and future versions
  • AirLink LX40
  • AirLink LX60
  • AirLink RV55
  • AirLink MP70
  • AirLink MG90

These products will maintain their existing FIPS 140-2 compliance where applicable, and those validations will transition to historical status along with all other FIPS 140-2 certifications on September 21, 2026. They remain valid for existing deployments and legacy system support, but they will not meet the requirements for new federal procurements that mandate FIPS 140-3.

This is a clear signal from Semtech about where the AirLink platform is headed. The AirLink OS-based routers (the RX, EX, and XR families) represent the go-forward portfolio, while the older ALEOS-based products (LX40, LX60, RV55, MP70, MG90) are in a maintenance and legacy support phase.

What Should You Do Now?

If FIPS compliance is part of your deployment requirements, here is how to approach the transition:

First, audit your current fleet. Identify which routers are in FIPS-regulated environments and whether they are running AirLink OS-based platforms or legacy ALEOS models. Any deployment using the RX55, RX400, EX400, XR60, XR80, or XR90 has a clear firmware upgrade path to FIPS 140-3 through AirLink OS 6.1.

Second, plan your equipment refresh cycles around the September 2026 deadline. If you have LX40, LX60, RV55, MP70, or MG90 units in environments that will require FIPS 140-3 for new procurements, now is the time to start planning migration to a supported AirLink OS platform. The AirLink RX400 and EX400 are particularly strong candidates for organizations replacing older fixed-site routers, while the XR80 and XR90 serve vehicle and mobile use cases where the MP70 and MG90 have traditionally been deployed.

Third, for any deployment that currently relies on FIPS 140-2 and does not require FIPS 140-3, understand that historical status does not break anything. Your existing routers, including the legacy models, will continue to operate normally. The cryptographic modules inside them do not change. The validation certificates are not revoked. Federal agencies may continue using historical modules based on a risk-based assessment of the deployment context.

5Gstore Take

This is a well-executed transition plan from Semtech. The fact that FIPS 140-3 is coming as a firmware update (AirLink OS 6.1) rather than requiring new hardware purchases is a meaningful win for customers who have already invested in the AirLink OS platform. It protects your capital investment and gives you a clear compliance path three months ahead of the NIST deadline.

For customers still running legacy ALEOS-based routers in FIPS environments, this bulletin is a planning signal, not a panic signal. Your existing deployments are fine. But if you are speccing out new projects or refreshing equipment in government or regulated environments, the choice is clear: deploy on the AirLink OS platform now and you will be ready for FIPS 140-3 when it ships.

If you need help planning a migration, selecting the right AirLink OS router for your use case, or understanding how FIPS 140-3 affects your specific deployment, contact us at 5Gstore.com. We sell and support Semtech AirLink routers and can help you navigate this transition.

FAQ

Q: Will my current FIPS 140-2 validated AirLink router stop working on September 21, 2026? A: No. Existing FIPS 140-2 validated modules will continue to operate normally. There is no impact to functionality, performance, or cryptographic operations. The validation certificates are not revoked; they simply move to NIST’s historical list.

Q: What does “historical status” actually mean? A: Historical status means NIST considers the validation standard outdated for new procurements. Existing deployments can continue using historical modules, and federal agencies may evaluate continued use based on risk assessment. It does not mean the encryption is broken or the router is noncompliant for its current role.

Q: Which AirLink routers will support FIPS 140-3? A: The RX55, RX400, EX400, XR60, XR80, and XR90 will all receive FIPS 140-3 support through AirLink OS 6.1, targeted for June 2026.

Q: Do I need to buy new hardware to get FIPS 140-3? A: Not if you are already running one of the supported AirLink OS-based routers. Upgrading to AirLink OS 6.1 will deliver the FIPS 140-3 compliant cryptographic module. If you are running a legacy product like the LX40, LX60, RV55, MP70, or MG90, you will need to migrate to a supported platform for FIPS 140-3 compliance.

Q: Will AirLink Connection Manager (ACM) get FIPS 140-3 support? A: No. Semtech has confirmed that ACM will not receive FIPS 140-3 support in any current or future version.

Q: When will FIPS 140-3 be available for AirLink routers? A: Semtech is targeting AirLink OS 6.1 for release in June 2026, approximately three months ahead of the September 21, 2026 NIST deadline.

Related posts:

  1. Securing Sensitive Data: Understanding FIPS 140-2 and Its Importance
  2. Master PCI Compliance: Strengthening Your Business Network
  3. Why Quectel’s Addition to the DoD’s 1260H List Is a Critical Warning for 5G Router Buyers
  4. What Is Band 106? 900 MHz Private LTE For Utilities, Anterix And Semtech AirLink XR Routers