Got a response from pkware stating securezip for mac is fips1402, they pointed to this document as proof. Introduction federal information processing standards publication fips 1402, security requirements for cryptographic modules, specifies the security requirements that are to be satisfied by the cryptographic module utilized within a security system protecting sensitive information. Software meeting this mandate is widely available for public use. Sha1 usage that is clearly disallowed in fips 1402 is signing digital signatures using sha1. Goanywhere mft provides a fips 1402 compliance mode and when enabled, it only permits the use of fips 1402 compliant ciphers e. Moving encrypted files to a social security laptop once the files get encrypted and loaded on the usb drive, staff may move it to the social security laptop by attaching the encrypted file to an email or by transferring the encrypted file encrypted using securezip on a usb flash drive. Pkware s own fips mode setting ensures only fips 1402 validated cryptography is used and eliminates the need for disruptive operating system fips policy settings. If you have any questions about this information, please submit a technical support ticket. Various microsoft products are and are not compliant. Basically if you are using encryption in a place that mandates the fips 1402 standard us federal government, canadian government, large banks you must get your code certified by an independent laboratory. Our dropin replacement options for openssl and bouncy castle make integration a snap, and if youre currently using a proprietary module, we can help you make a smooth. There is no impact to customers using pkware software on i5os or zos.
After the transition period, modules will no longer be tested against the fips 1401 requirements. Unit is bundled with two keys and registration is required for key duplication. In fips 140 mode, you cannot use an algorithm from the following summarized list of algorithms even if the algorithm is implemented in the cryptographic framework or is a fips 140validated algorithm for other products. I went back and did a little searching to verify the date of certification. Select the compatibility page, change the container formats to fips 1402 compliant, and press ok. I want to highlight some points before using this class.
These products are validated against fips 1402 at security levels ranging from level 1 lowest to level 4 highest. Looking for free disk encryption software that is fips 140. Securezip is the longtrusted security and compression solution from pkware, the inventors of the zip compressed file format available on every mainframe. If this was stackoverflow youd get the green checkmark. You can achieve fips compliance on any riverbed system that supports riverbed software that contains the rcsm. This approach provides a high degree of flexibility for customers needing to meet fips compliance on major. At the time i was not sure that it was approved in fips 1402. That setting works for both interactive and commandline modes. Compress, save, or share your files with our powerful, easytouse interface. Fips encryption modules for all use cases by safelogic. Tripledes cbc is approved, but whether your implementation is certified depends on what testing microsoft had done, and whether you are deploying it according to the criteria specified for those tests.
I have done fips 1402 compliance tasks firsthand with. Algorithms that are not approved for fips 140 in the cryptographic framework. Civilian companies worldwide that contract with us, canadian or uk government organisations that require fips 1402 encryption compliance are also required to be compliant. The fips 1402 standard is an information technology security approval program for cryptographic modules produced by private sector vendors who seek to have their products certified for use in government departments and regulated industries such as financial and healthcare institutions that collect, store, transfer, share and disseminate sensitive but. While doing this using managed code you can come across the aescryptoserviceprovider class that is fips complaint. This makes your encrypted files in compliance with fips 1402 during reststorage. Regardless of the application or platform, the flexible securezip toolkit embeds security at the data level for easy, secure movement. Safelogic combines software and services to provide fips 1402 validation in 8 weeks. A cryptographic module federal government standard.
If you are willing to pay for a commercial application and certification symantec endpoint encryption see is fips 1402 certified. In addition, commercial companies especially those involved in finance, healthcare, education and infrastructure national security are increasingly requiring fips. Fips federal information processing standard 1402 is a u. Only versions of pkzip, securezip, and securezip partner running on windows desktop, windows server, unix, and linux will be affected by this change. These bodies may or may not demand that an encryption module would be fips1402 compliant, but certainly being such is a prudent choice at least from a liability point of view. The fips 1402 certified algorithms ciphers in goanywhere mft are provided by an embedded rsasecurity module and apply to all ssh and ssl. Since there might be legal ramifications, it would behoove you to contact microsoft directly with this question.
Theres a difference between fips 1402 approved ciphers and fips 1402 certified implementations. Agencies may retain and use fips 1401 validated products that have been purchased before the end of the transition period. Fips 1402 validated cryptography is used only within securezip and does not adversely affect any other system functions. Netlib security s cryptographic modules, have been tested and validated against the requirements found in fips pub 1402, security requirements for cryptographic modules by nist. Using warez version, crack, warez passwords, patches, serial numbers, registration codes, key generator, pirate key, keymaker or keygen for fips 140 2 compliant license key is illegal. Pkware s encryption technology fully addresses the standards outlined in fips 1402 by strongly encrypting sensitive data itself. Approved security functions for fips pub 1402, security requirements for cryptographic modules 1. Restrictions as per fips 1402 and nist sp 8001a aes256 is fine, if it is used on ecb, cbc, cfb, ofb, ctr, ccm, gcm, xts, or kw as long as appropriate guidance from nist sp 80038abcdef documents is also followed. Does the encryption feature of microsoft office meet these requirements.
The fips 1402 compliant globalscape cryptographic module gscm is based on the opensslfips1. There isnt a technical difference, more a legal risk compliance one. The federal information processing standard 1402 fips 1402 is a u. Netlib securitys cryptographic module offers two forms of encryption, while simultaneously enabling companies to meet this required standard of security protection issued by fips 1402 validation. Pwa provides a datacentric audit and protection platform that automates policydriven discovery, classification, and encryption wherever.
Securezip is a software product that provides security services in this manner. The standard ensures that a product uses sound security practices, such as approved, strong encryption algorithms and methods. Top 4 download periodically updates software information of fips 140 2 compliant full versions from the publishers, but some information may be slightly outofdate. Devicelevel fips 1402 validation airwatch provides multios support, enabling organizations to support and manage a variety of device types. That product is made by pkware who seem fairly reputable. In order to check the container type, open it in kryptel browser, select file properties, and open. The rcsm is compatible with fips 1402 level 1 requirements. Algorithms that are not approved for fips 140 in the. Smartcrypt, securezip, and our other innovative products help customers meet data management and security concerns, while saving valuable resources and maximizing their return on investment. Protecting sensitive government data on mobile devices. Federal information processing standards fips 1402 is part of the 140 publication series issued by the national insttitute of stantards and technology nist. Approved security functions june 10, 2019 for fips pub 140. This cryptographic standard is often mandatory for government and military processes.
Behaviour of aescryptoserviceprovider class with fips. Pkware provides a fips mode setting that ensures the use of fips 1402 validated cryptography and that does not require using this windows setting. Safeguard data at rest and storage zip aes 256 encryption is used with fips 1402 validated modules. Just because your system passes the selftests and statistical checks mandated by the standard does not mean it is compliant. In some industries it is much easier to go with a commercial offering when it comes to an audit and regulators. Nist fips 1402 compliant aes hardware encryption with 256bit encryption. Get winzip today and secure your files with fips 1402 encryption today. Similarly, for winzip enterprise versions and versions earlier than 18. The 140 series is meant to define requirements for cryptographic modules for hardware and software components. Since ciphershield encrypts data independent of the operating system.
Fips 140 2 compliant software free download fips 140 2. Fips 1402 encryption software if you are looking to become fips 1402 validated, encryptionizer can get you one step closer. Pkware solutions are developed with your concerns in mind. Current federal information processing standards fips 1402 security requirements for cryptographic modules 01 may 25 supersedes fips pub 1401, 1994 january 11. Winzip software versions 9 and later include support for aes encryption, using either 128 or 256bit keys.
Aes which stands for the advanced encryption standard is the symmetric encryption algorithm approved as part of the federal information processing standard fips for use by u. Safeguard data during transport powerarchiver secure ftp uses fips 1402 validated modules for compliance with fips 1402 standard during data transport. Government organizations and others to protect sensitive information. Encryption in the toolkit accesses fips 1402 validated libraries and uses. Safelogics cryptocomply encryption modules are available for ios, android, linux, windows, and mac os x, as well as other platforms. Press start all programs kryptel settings to open the settings panel.
The question arose as to whether bitlocker was fips 1402 compliant. The fips 1402 standard is jointly maintained by both of these organizations. You may want to use a crypto api for advanced encryption standard that is fips 1402 complaint. Fips 1402 compliant components in secure ftp server. I am happy to officially answer that yes bitlocker is fips 1402. Unlike fips 1402 level 2 validation, which requires physical security mechanisms, level 1 validates the software only. Fips 1402 standard and selfencrypting drive technology. When operated in fips mode, securezip will ensure that only fips 140 validated cryptographic modules are used for encryption processing. Organizations that need to ensure fips 1402 compliance should be aware of the fips 1402 certification for all device types they are considering. Winzips powerful file encryption features make securing your files with fips encryption a breeze. Encryption products purchased by us and canadian government agencies may be required to undergo the fips 1402 validation. The documents need to be encrypted and the encryption needs to be fips 1402 compliant. Pkware s own fips mode setting ensures only fips 1402.