|Home||What's New||Products||Download||Purchase||Support||About Us||Contact|
PRODUCTS > FIPS INFORMATION
Which VanDyke Software products support FIPS 140-2?
VanDyke Software has partnered with RSA Security, Inc. to use the BSAFE Crypto-C Micro Edition cryptography module which has been tested by Atlan Laboratories, an accredited testing laboratory for FIPS compliance. This module has met all Level 1 requirements for FIPS 140-2 compliance when operated in FIPS Mode. The product versions that can run in FIPS mode are shown below. Click the certificate number below to review the FIPS Validation Certificate for the BSAFE module used by the specified product.
* Prior to version 3.6, the 64-bit edition of VShell for Windows did not support FIPS mode.
If you need to protect data in transit as outlined by FIPS 140-2 or NIST 800-53, these products now have an administrator option to run in "FIPS Mode". When this option is set, only FIPS-approved algorithms are allowed.
FIPS-approved algorithms: The following FIPS-approved Cryptographic algorithms are used: DSA (Cert. #143); Triple-DES (Cert. #378); AES (Cert, #303); RSA (Cert. #96); SHA-1; Diffie-Hellman (used for key exchange in SSH2 is allowed in FIPS Mode but not approved).
The following algorithms are not available in FIPS Mode: MD5; Twofish; Blowfish; RC4.
VanDyke Software products are a secure replacement for Telnet and FTP, providing end-to-end protection for data in transit that meets Federal recommendations. VShell server combines strong security with simple configuration. SecureCRT and SecureFX clients provide an excellent combination of strong security, capacity for customization, and ease of use.
What are FIPS?
Under the Information Technology Management Reform Act (Public Law 104-106), standards and guidelines are developed by the National Institute of Standards and Technology (NIST) for Federal computer systems. These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and there are no acceptable industry standards or solutions.
FIPS documents are available online through the FIPS home page.
What are the requirements set forth in FIPS 140-2?
The NIST Cryptographic Module Validation (CMV) Program was announced on July 17, 1995. This program validates cryptographic modules for conformance to FIPS PUB 140-1 and FIPS PUB 140-2, Security Requirements for Cryptographic Modules. The "Applicability" section of FIPS PUB 140-2 states that:
"This standard is applicable to all Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems) as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106. This standard shall be used in designing and implementing cryptographic modules that Federal departments and agencies operate or are operated for them under contract."
|VShell Server||VShell Server||Buy Direct||Evaluation||Contact|
|SecureCRT||SecureCRT||License Pricing||Updates Policy||Press Releases|
|VanDyke ClientPack||VanDyke ClientPack||Orders FAQ||Tips & How-Tos||Customer Stories|
|Beta Software||Previous Releases||Resellers||Forums||Secure Solutions|
VShell, SecureCRT, SecureFX, Entunnel, CRT, and AbsoluteFTP are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners.
Copyright © 1995 - VanDyke Software, Inc. All rights reserved.