FIPS 140-2

You take security seriously and so do we. This section provides an overview of FIPS 140-2 validation in the connectivity product suite.

What is FIPS 140-2?

FIPS 140-2 is a standard established by NIST (National Institute of Standards and Technology) and CSE (Communications Security Establishment Canada). FIPS 140-2 pertains to cryptographic modules in software or hardware products.

FIPS 140-2 is one of many security programs overseen by NIST and CSE which focuses on working with government and industry to establish more secure systems and networks by developing, managing and promoting security assessment tools, techniques, services, and supporting programs for testing, evaluation and validation.

To whom does FIPS 140-2 validation matter?

All US Federal Government departments or agencies are mandated to purchase and use cryptographic products meeting the FIPS 140-2 standard to protect their unclassified, but sensitive data. The Canadian Communications Security Establishment encourages Canadian Government departments to use products with FIPS 140-2 certified cryptographic modules.

Private sector companies in North America, Europe and Asia have started expressing interest for purchasing software that are FIPS 140-2 certified. It is expected that FIPS 140- 2 will gain wider acceptance outside of the US government in the future.

Which Connectivity products offer FIPS 140-2 validated cryptography?

OpenSSL Self-Validated Module

The following products include the OpenSSL cryptographic module, which is certified as FIPS 140-2 compatible:

  • OpenText™ Exceed™ TurboX (all versions)
  • OpenText Exceed onDemand™ 8
  • OpenText Exceed 15
  • OpenText HostExplorer 15
  • OpenText Secure Shell 15
  • OpenText Exceed PowerSuite (Exceed 15)
  • OpenText NFS Client (HostExplorer 15)

Hummingbird Cryptographic Module

Older versions of the OpenText™ Connectivity include a FIPS 140-2 validated module called the "OpenText Cryptographic Module". This module is based on the OpenSSL 0.9.8 code branch and was certified as FIPS 140-2 compatible by NIST.

The OpenText Cryptographic Module is used in the following products:

  • OpenText Exceed onDemand 8
  • OpenText Exceed PowerSuite 14
  • OpenText Exceed 14
  • OpenText HostExplorer 14
  • OpenText NFS Client 14
  • OpenText Secure Shell 14
  • OpenText Secure Terminal 14

Click here for more information on the FIPS 140-2 standard

Download our FIPS 140-2 Certificate (PDF, 1.2 MB)