I recently received an inquiry from a reporter that read like this:
“Are you comforted, or left cold when you hear a product has FIPS 140-2 validation that guarantees it’s implementing encryption modules correctly? Assuming secure data transmission or storage is important in the use case, is this buzzword bingo or a valuable asset?”
My reply to this inquiry was uncharacteristically short:
“Today, fully validated FIPS 140-2 cryptography modules come free or bundled with your OS, your Java runtime, several application packages and some hardware components. These implementations are typically available for your own applications through well-documented APIs.
“Not using FIPS 140-2 cryptography in the year 2010 is like opening a savings account at a bank without the FDIC’s $250K-per-account guarantee. You could do it, and it might work, but why take the risk when a safer option is available for no extra charge?”
And so it shall remain: Ipswitch File Transfer products use FIPS 140-2 cryptography to protect data-in-transit and data-at-rest, and will continue to do so until FIPS 140-3 becomes the new law of the land.