You take security seriously and so do we. This section provides an overview of FIPS 140-2 validation in the connectivity product suite.
FIPS 140-2 is a standard established by NIST (National Institute of Standards and Technology) and CSE (Communications Security Establishment Canada). FIPS 140-2 pertains to cryptographic modules in software or hardware products.
FIPS 140-2 is one of many security programs overseen by NIST and CSE which focuses on working with government and industry to establish more secure systems and networks by developing, managing and promoting security assessment tools, techniques, services, and supporting programs for testing, evaluation and validation.
All US Federal Government departments or agencies are mandated to purchase and use cryptographic products meeting the FIPS 140-2 standard to protect their unclassified, but sensitive data. The Canadian Communications Security Establishment encourages Canadian Government departments to use products with FIPS 140-2 certified cryptographic modules.
Private sector companies in North America, Europe and Asia have started expressing interest for purchasing software that are FIPS 140-2 certified. It is expected that FIPS 140- 2 will gain wider acceptance outside of the US government in the future.
OpenSSL Self-Validated Module
The following products include the OpenSSL cryptographic module, which is certified as FIPS 140-2 compatible:
Older versions of the OpenText™ Connectivity include a FIPS 140-2 validated module called the "OpenText Cryptographic Module". This module is based on the OpenSSL 0.9.8 code branch and was certified as FIPS 140-2 compatible by NIST.
The OpenText Cryptographic Module is used in the following products: