FIPS 140-2

You take security seriously and so do we. This section provides an overview of FIPS 140-2 validation in the connectivity product suite.

What is FIPS 140-2?

FIPS 140-2 is a standard established by NIST (National Institute of Standards and Technology) and CSE (Communications Security Establishment Canada). FIPS 140-2 pertains to cryptographic modules in software or hardware products.

FIPS 140-2 is one of many security programs overseen by NIST and CSE which focuses on working with government and industry to establish more secure systems and networks by developing, managing and promoting security assessment tools, techniques, services, and supporting programs for testing, evaluation and validation.

To whom does FIPS 140-2 validation matter?

All US Federal Government departments or agencies are mandated to purchase and use cryptographic products meeting the FIPS 140-2 standard to protect their unclassified, but sensitive data. The Canadian Communications Security Establishment encourages Canadian Government departments to use products with FIPS 140-2 certified cryptographic modules.

Private sector companies in North America, Europe and Asia have started expressing interest for purchasing software that are FIPS 140-2 certified. It is expected that FIPS 140- 2 will gain wider acceptance outside of the US government in the future.

Which Connectivity products offer FIPS 140-2 validated cryptography?

OpenSSL Self-Validated Module

The following products include the OpenSSL cryptographic module, which is certified as FIPS 140-2 compatible:

  • OpenText™ Exceed™ TurboX (all versions)
  • OpenText™ Exceed onDemand™ 8
  • OpenText™ Exceed 15
  • OpenText™ HostExplorer 15
  • OpenText™ Secure Shell 15
  • OpenText™ Exceed PowerSuite (Exceed 15)
  • OpenText™ NFS Client (HostExplorer 15)

Hummingbird Cryptographic Module

Older versions of the OpenText™ Connectivity include a FIPS 140-2 validated module called the "OpenText Cryptographic Module". This module is based on the OpenSSL 0.9.8 code branch and was certified as FIPS 140-2 compatible by NIST.

The OpenText Cryptographic Module is used in the following products:

  • OpenText™ Exceed onDemand™ 8
  • OpenText™ Exceed PowerSuite 14
  • OpenText™ Exceed™ 14
  • OpenText™ HostExplorer 14
  • OpenText™ NFS Client 14
  • OpenText™ Secure Shell 14
  • OpenText™ Secure Terminal 14

Download the FIPS 140-2 Certificate