FIPS 140-2…just a buzzword?

Share this story:Tweet about this on Twitter0Share on LinkedIn0Share on Google+0Share on Facebook0

I recently received an inquiry from a reporter that read like this:

“Are you comforted, or left cold when you hear a product has FIPS 140-2 validation that guarantees it’s implementing encryption modules correctly? Assuming secure data transmission or storage is important in the use case, is this buzzword bingo or a valuable asset?”

My reply to this inquiry was uncharacteristically short:

“Today, fully validated FIPS 140-2 cryptography modules come free or bundled with your OS, your Java runtime, several application packages and some hardware components.   These implementations are typically available for your own applications through well-documented APIs.

“Not using FIPS 140-2 cryptography in the year 2010 is like opening a savings account at a bank without the FDIC’s $250K-per-account guarantee.  You could do it, and it might work, but why take the risk when a safer option is available for no extra charge?”

And so it shall remain: Ipswitch File Transfer products use FIPS 140-2 cryptography to protect data-in-transit and data-at-rest, and will continue to do so until FIPS 140-3 becomes the new law of the land.

This entry was posted in Enforcement, MOVEit, Security, WS_FTP Professional, WS_FTP Server. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

Leave a Reply