Go has introduced native FIPS 140-3 support in its standard library, enhancing compliance for users in regulated environments. The Go Cryptographic Module v1.0.0, which is integrated into Go 1.24, simplifies the developer experience while ensuring uncompromised security and broad platform support. This new module provides a compliant and efficient solution for cryptographic operations in Go applications.

Google commissioned Trail of Bits to audit Go's cryptography packages, resulting in one low-severity finding related to memory management in the legacy Go+BoringCrypto integration and several informational findings about potential timing side-channels. The audit confirms the security of Go's cryptography libraries and highlights ongoing improvements, including a new FIPS 140-3 mode and post-quantum cryptography support.