FIPS: What it is, why it matters

May 08th, 2014 / Category: Managed File Transfer

All organizations need to protect their data resources and uphold network security, but some enterprises have special security requirements. The U.S. Department of Defense, for example, handles highly sensitive and confidential information that must be secured at rest and in transit. Other entities may require similar safeguards, particularly those in industries that handle private information, such as the health care, financial, and even manufacturing sectors.

What is FIPS? 
Overseen by a joint effort between the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the Government of Canada, the Federal Information Processing Standards constitute a validation that sets standards for these types of data security concerns. FIPS is designed for government-wide use to ensure technology used by organizations with security requirements is appropriately protected. However, in addition to the government, many commercial organizations are turning to FIPS validation to ensure their mission-critical data is protected.

The FIPS Publication 140-2 specifies requirements for cryptographic modules that protect sensitive information. In other words, it oversees how technology encrypts and safeguards private data to ensure it's kept safe in the event of a data breach or equipment loss. To achieve this validation, managed file transfer cryptographic modules need to be accredited through the Cryptographic Module Validation Program (CMVP).

What does it cover? 
How does FIPS help agencies and other organizations keep their sensitive data secure? High security modules that have FIPS 140-2 validation can be used in processes such as:

  • Data storage: Information at rest is secured in a compliant manner through repository encryption and the complete sanitization of deleted data. Once deleted, sanitized data cannot be restored.
  • Data in transit: Secure file transfers occur using built-in FIPS-validated cryptographic libraries, including transfers through SSL (FTPS), HTTP over SSL (HTTPS), and SFTP (SSH2).
  • Access to information: Robust permission-based access controls keep data in the hands of authorized individuals—and no one else.

With the right tools, such as an MFT supported by a High Security Module, organizations can easily implement applications that uphold the level of security their operations require. Offerings such as managed file transfer services can streamline the process to set up the appropriate programs and safeguards, monitor their performance to detect any issues, and create the necessary logs for audits.

Data security is incredibly important across a wide range of industries. Whether an organization is in the government sector or not, utilizing FIPS validated tools can give decision-makers the confidence they need to rely on a convenient, efficient, and robust data management solution while also bolstering their security.