EFT Server - FIPS Validation
Why is FIPS Validation Important?
Most government agencies, such as the Department of Defense, require FIPS validation for the commercial systems they purchase to protect the integrity of data traffic traveling across their networks. Similarly, companies in the public sector such as healthcare, financial, and manufacturing are under pressure to ensure that customer and patient information is secure when traveling across networks. To meet that need, many companies in these markets are implementing the same FIPS standard mandated by the U.S. government.
What is FIPS 140-2 Validation?
The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information. The Cryptographic Module Validation Program (CMVP) is the accreditation program that validates cryptographic modules to this standard. The CMVP is a joint effort between the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the Government of Canada. Cryptographic Modules validated through the program are subjected to rigorous testing by independent, accredited Cryptographic Module Testing (CMT) laboratories.
EFT Server HSM with FIPS 140-2 Validation
With the High Security Module (HSM), customers can deploy GlobalSCAPE EFT Server knowing the embedded Cryptographic Module has met the highest possible security standards. This ensures that your file transfers are protected by best-in-class security.
EFT Server HSM comes with a built-in FIPS 140-2 Validated cryptographic library to provide secure transfer of information. This enhanced version of EFT Server uses the validated cryptographic library to ensure that it operates using only FIPS-approved algorithms for encryption of transferred data when using FTP over SSL (FTPS) and HTTP over SSL (HTTPS).
When EFT Server is started, a series of startup tests, including Known Answer Tests (KAT) and library-integrity checks, determine whether the HSM is initialized successfully. If the HSM is not initialized successfully, encryption services are disabled and the transfer of sensitive data is prevented.
For more details, refer to the GlobalSCAPE Validation Certificate # 908 and the Cryptographic Module Validation Program website.
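The fail-closed startup behavior described above, shown as an added example that is not EFT Server or GlobalSCAPE code: known-answer tests and a library-integrity check run first, and the cryptographic service refuses to operate if any of them fails. The `CryptoService` class, the integrity key, and the use of HMAC-SHA1 as the integrity mechanism are assumptions; the KAT vectors are the published SHA-1 "abc" value and RFC 2202 HMAC-SHA1 test case 1.

```python
import hashlib
import hmac

# Published known-answer vectors: SHA-1 of "abc" and RFC 2202 HMAC-SHA1 case 1.
SHA1_KAT = (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d")
HMAC_KAT = (b"\x0b" * 20, b"Hi There",
            "b617318655057264e28bc0b6fb378c8ef146be00")
INTEGRITY_KEY = b"constructed-integrity-key"  # constructed sample value


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def run_known_answer_tests(digest=sha1_hex) -> list:
    """Return the names of failed KATs; an empty list means all passed."""
    failures = []
    if digest(SHA1_KAT[0]) != SHA1_KAT[1]:
        failures.append("SHA-1")
    key, msg, expected = HMAC_KAT
    if hmac.new(key, msg, hashlib.sha1).hexdigest() != expected:
        failures.append("HMAC-SHA1")
    return failures


def module_fingerprint(image: bytes) -> str:
    """Keyed digest of the library image (assumed integrity mechanism)."""
    return hmac.new(INTEGRITY_KEY, image, hashlib.sha1).hexdigest()


class CryptoService:
    """Hypothetical wrapper: crypto is usable only if every startup test passed."""

    def __init__(self, image: bytes, expected_fingerprint: str, digest=sha1_hex):
        self.errors = run_known_answer_tests(digest)
        if not hmac.compare_digest(module_fingerprint(image), expected_fingerprint):
            self.errors.append("integrity")
        self.enabled = not self.errors  # fail closed on any error

    def mac(self, data: bytes) -> str:
        """Stand-in for a cryptographic service; refuses to run when disabled."""
        if not self.enabled:
            raise RuntimeError("crypto disabled, failed: " + ", ".join(self.errors))
        return hmac.new(INTEGRITY_KEY, data, hashlib.sha1).hexdigest()


if __name__ == "__main__":
    image = b"constructed library image bytes"
    print(CryptoService(image, module_fingerprint(image)).enabled)        # intact
    print(CryptoService(image + b"!", module_fingerprint(image)).errors)  # tampered
```

The `digest` parameter exists only so a faulty hash implementation can be injected to exercise the KAT failure path.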
FIPS-Compliant Protocols and Ciphers
The EFT Server HSM supports all of the file transfer protocols currently supported by the core version of EFT Server (FTP, FTPS, SFTP, HTTP, and HTTPS). SSL protocols (FTPS or HTTPS) are FIPS-compliant protocols. The SSL library is loaded when the Server service is started, and a message box displays which protocols are in use and which of the protocols in use are FIPS compliant.
The FIPS-compliant protocols (HTTPS and FTPS) use the FIPS-approved algorithms provided by the FIPS 140-2 validated cryptographic library for SSL/TLS and certificate generation. The full list of FIPS-approved cryptographic algorithms is in the table below.
The following cipher combinations are supported during SSL/TLS negotiation:
- SSLv3/TLSv1 - RSA Key Exchange, RSA Authentication, 256-bit AES encryption, and SHA1 HMAC
- SSLv3/TLSv1 - RSA Key Exchange, RSA Authentication, 168-bit 3DES encryption, and SHA1 HMAC
- SSLv3/TLSv1 - RSA Key Exchange, RSA Authentication, 128-bit AES encryption, and SHA1 HMAC