The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information.
SmartFTP uses FIPS 140-2 validated cryptographic modules:
CryptoAPI / CNG
The CryptoAPI (CAPI) is the cryptographic module shipped with Microsoft Windows. Microsoft has maintained FIPS 140-2 validation for all operating system starting from Windows XP SP3.
Cryptography API: Next Generation (CNG) is the cryptography library that is available starting with Windows Vista / Windows 2008.
Reference: Technet - FIPS 140 Evaluation
OpenSSL is used for the SSH implementation in SmartFTP.
FIPS 140-2 certificate #1747.
Change FIPS 140-2 Mode
SmartFTP enforces the operating system's FIPS policy. To change the FIPS policy of Windows:
- Click the Start button
- Go to Control Panel
- Select Administrative Tools
- Select Local Security Policy
- Go to Local Policies - Security Options in the tree on the left side
- Change System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
Effects of FIPS compliance
What do you think about this topic? Send feedback!