FIPS 140-2 Compliance
What is FIPS 140-2?
FIPS 140-2 is the current version of the Federal Information Processing Standardization 140 (FIPS 140) publication that specifies requirements for cryptography modules. The National Institute of Standards and Technology (NIST) issued the FIPS 140 series to uphold the standards that describe the United States Federal Government requirements that IT products should meet.
Read more about FIPS 140 in the official NIST publication.
How do our products help to meet FIPS 140-2 compliance standards?
Both Kryptel and Silver Key fully address the standards outlined in FIPS 140-2 by strongly encrypting the data itself rather than the storage device. Data remains protected even if placed on removable media that is lost or stolen during transit.
When the FIPS 140-2 compliance mode is turned on, all the proprietary crypto modules get unplugged, and every password- or encryption-related operation is performed by NIST-certified CryptoAPI.
|FIPS Validation||Certificate #|
|Windows Server 2003||382|
|Windows Server 2008||1010|
|Windows Server 2008 R2||1337|
|Windows Server 2012||1747|
Turning on FIPS 140-2 compliance mode
Press "Start / All Programs / Kryptel / Settings" to open the Settings panel. Select the "Compatibility" page, change the container formats to "FIPS 140-2 compliant", and press "OK". That setting works for both interactive and command-line modes.
In order to check the container type, open it in Kryptel Browser, select "File / Properties", and open the "Encryption" tab. The "Storage Type" field should show "FIPS 140-2 compliant".
Press "Start / All Programs / Silver Key / Settings" to open the Settings panel. Select the "Cipher" page, change the engine to "FIPS 140-2 compliant", and press "OK". That setting works for both interactive and command-line modes.
In order to check the parcel type, open it in Parcel Analyzer, and check the parcel properties in the right pane. The "Cipher" field should show "FIPS 140-2 AES".
Limitations of FIPS 140-2 compliance mode
- The only key material supported is password.
- The only available cipher is CryptoAPI-supplied AES.
- Components like Kryptel Browser or Silver Key Parcel Analyzer don't maintain password cache and can't perform password matching. This means that password can't be automatically applied and you will have to enter it each time.
- Kryptel data recovery is not supported.