What is FIPS 140-2?
FIPS 140-2 is a standard established by NIST (National Institute of Standards and Technology) and CSE (Communications Security Establishment Canada). FIPS 140-2 pertains to cryptographic modules in software or hardware products.
FIPS 140-2 is one of many security programs overseen by NIST and CSE which focuses on working with government and industry to establish more secure systems and networks by developing, managing and promoting security assessment tools, techniques, services, and supporting programs for testing, evaluation and validation.
To whom does FIPS 140-2 validation matter?
All US Federal Government departments or agencies are mandated to purchase and use cryptographic products meeting the FIPS 140-2 standard to protect their unclassified, but sensitive data. The Canadian Communications Security Establishment encourages Canadian Government departments to use products with FIPS 140-2 certified cryptographic modules.
Private sector companies in North America, Europe and Asia have started expressing interest for purchasing software that are FIPS 140-2 certified. It is expected that FIPS 140- 2 will gain wider acceptance outside of the US government in the future.
Which Connectivity products offer FIPS 140-2 validated cryptography?
All products that contain encryption are impacted by the FIPS 140-2 standard. In order to facilitate its FIPS 140-2 certification effort, the OpenText Connectivity Solutions Group has created the "OpenText Cryptographic Module". This module, which is part of the default product install, contains all the necessary encryption algorithms and authentication methods that are required to perform secured connections.
The module is used in the following products:
- Exceed onDemand 8
- Exceed PowerSuite 14
- Exceed 14
- HostExplorer 14
- OpenText NFS Client14
- OpenText Secure Shell 14
- OpenText Secure Terminal 14
Version 15 Products
Connectivity 15 products, including OpenText Exceed 15, OpenText HostExplorer 15and OpenText Secure Shell 15, are built using the latest OpenSSL Cryptographic Module, which is not yet validated for FIPS 140-2 compliance. Customers that require FIPS 140-2 validated cryptography are recommended to use version 14 products until the version 15 module is officially approved.
A FIPS validated module for version 15 products is expected to be available by August 2015.
Click here for more information on the FIPS 140-2 standard