FIPS 140-2 Compliance
What Is FIPS?
Federal Information Processing Standards (FIPS) are standards and guidelines for federal computer systems that are developed by the National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce. These standards and guidelines are developed when there are no acceptable industry standards or solutions for a particular government requirement. Although FIPS are developed for use by the federal government, many in the private sector voluntarily use these standards.
What Is FIPS 140-2?
FIPS 140-2 is the current version of Security Requirements for Cryptographic Modules and is the foundation for the Cryptographic Module Validation Program (CMVP), a joint effort by the NIST and the Communications Security Establishment (CSE) for the Canadian government.
Cryptographic modules are developed by private companies, or open source communities for use by the U.S. and local governments, and other heavily regulated industries, such as financial and healthcare organizations that collect, store, transfer, share and disseminate sensitive, but unclassified (SBU) information. Cryptographic modules are submitted to the CMVP for validation. A full searchable list of FIPS modules that have been validated is maintained by the NIST.
FlexSoftware and FIPS 140-2 Compliance
FlexSoftware terminal emulation products utilize Microsoft® Windows® Secure Channel (Schannel) for encrypted communication using Transport Layer Security (TLS). With the Windows operating system configured to operate in FIPS Mode, all secure connections made with FlexTerm are compliant with FIPS 140-2, whether starting a secure display session, or using FTP to transfer files.
To ensure that only FIPS 140-2 validated algorithms are in use on Windows devices, one of the following methods should be used:
The following policy should be enabled (disabled by default):
Computer Configuration>Windows Settings>Security Settings>Local Policies>Security Options>System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
Registry Editor (Regedit)
Open Registry Editor and navigate to the following key:
Double-click the Enabled DWORD in the right-hand pane and change the value from "0" to "1". Close Registry Editor and restart the computer.
For more information, see the following document in the Microsoft® document library: