MOVEit Crypto earns new FIPS 140-2 validation

Share this story:Tweet about this on Twitter0Share on LinkedIn0Share on Google+0Share on Facebook0

MOVEit Crypto, the encryption component used to secure data and settings in MOVEit DMZ and MOVEit Central in mission-critical, Internet-exposed applications, has been revalidated under FIPS 140-2 and has been issued certificate #1363.   This certificate should be available on the Cryptographic Module Validation Program (CMVP)’s website ( in 1-2 weeks.

The changes in MOVEit Crypto that required the revalidation were mainly related to the introduction of “SHA-2″ hashes such as as SHA-256.  As you may already be aware, use of unkeyed SHA-1 hashes will be disallowed in U.S. government applications by the end of the year.  (Weaker hashes such as MD5 and non-cryptographic quality integrity checks such as CRC are already disallowed.)  Fortunately, existing MOVEit products make use of keyed SHA-1 hashes (not the unkeyed hashes that will soon be disallowed), so use of existing MOVEit products with the older version of MOVEit Crypto will be allowed in U.S. government applications well beyond the end of the year.

This entry was posted in Compliance, Enforcement, Managed File Transfer, MOVEit, Security, Technology and Software. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

Subscribe to our File Transfer Blog

Blog subscribers get email updates once a week.

One Trackback

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>