FIPS 140-2 Compliance
Using PASSPORT for Secure Host Access
We often receive enquiries about our compliance with the critical security standard known as Federal Information Processing Standard 140-2. All Zephyr PASSPORT products, including PASSPORT PC TO HOST®, PASSPORT WEB TO HOST® and PASSPORT Host Integration Objects®, are FIPS 140-2 compliant.
What is FIPS 140-2?
The Federal Information Processing Standard (FIPS) was established by the National Institute of Standards and Technology (NIST). In particular, FIPS 140-2 is the current version of "Security Requirements for Cryptographic Modules" and is the foundation for the Cryptographic Module Validation Program (CMVP), a joint effort by NIST and the Communications Security Establishment (CSE) for the Canadian government.
Cryptographic modules are produced by the private sector or open source communities for use by the U.S. government and other regulated industries (such as financial institutions and health-care organizations) that collect, store, transfer, share and disseminate "sensitive, but unclassified (SBU)" information. Cryptographic modules can be submitted to the CMVP for accreditation.
A full list of accredited modules is maintained by NIST.
PASSPORT Products and FIPS 140-2 Compliance
Prior to Version 2007, the PASSPORT PC TO HOST® and PASSPORT WEB TO HOST® terminal emulation utilized the RSA Cryptographic Modules for SSL/TLS security and were FIPS 140-2 compliant. Beginning with Version 2007, the PASSPORT terminal emulation suites began making use of the Microsoft® Windows® Cryptographic algorithms for SSL/TLS security. As long as the Windows OS is set to operate in FIPS Mode, all SSL/TLS connections are compliant with FIPS 140-2, whether using a terminal display or FTP file transfer session.
PASSPORT Host Integration Objects also makes use of Microsoft® Windows® cryptographic algorithms for SSL/TLS security, so again it's important to make sure the Windows Server or Client machine is set to operate in FIPS mode to gain FIPS 140-2 status.
Setting Microsoft Windows for FIPS 140-2 Compliance
To achieve FIPS 140-2 status, you will need to set the group policy setting or the registry key below, which ensures that Microsoft SChannel only uses FIPS-approved algorithms.
Security Setting in Group Policy: System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
Registry Values:
This security setting affects the following registry value in Windows Server 2008 and in Windows Vista:
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
This security setting affects the following registry value in Windows Server 2003 and in Windows XP:
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy
For more information, see 'The effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and in later versions of Windows'.
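One way to verify on a given machine that the setting above has taken effect, as an added PowerShell example that is not Zephyr's or Microsoft's own code. The function name Get-FipsPolicyState is hypothetical, and the check assumes a DWORD value of 1 means the policy is enabled.

```powershell
# Added example: report whether Windows FIPS mode is enabled on this machine.
# Get-FipsPolicyState is a hypothetical helper name, not a built-in cmdlet.
function Get-FipsPolicyState {
    $lsa = 'HKLM:\System\CurrentControlSet\Control\Lsa'
    $source  = 'not configured'
    $enabled = $false

    # Windows Vista / Server 2008 layout: value "Enabled" under the
    # FIPSAlgorithmPolicy key.
    $newStyle = Get-ItemProperty -Path "$lsa\FIPSAlgorithmPolicy" -Name Enabled `
                    -ErrorAction SilentlyContinue
    # Windows XP / Server 2003 layout: value "FIPSAlgorithmPolicy" directly
    # under the Lsa key. On newer systems this name is a subkey, not a value,
    # so the lookup fails quietly and returns nothing.
    $oldStyle = Get-ItemProperty -Path $lsa -Name FIPSAlgorithmPolicy `
                    -ErrorAction SilentlyContinue

    if ($null -ne $newStyle) {
        $source  = 'Lsa\FIPSAlgorithmPolicy\Enabled'
        $enabled = ($newStyle.Enabled -eq 1)        # assumption: 1 = enabled
    }
    elseif ($null -ne $oldStyle) {
        $source  = 'Lsa\FIPSAlgorithmPolicy'
        $enabled = ($oldStyle.FIPSAlgorithmPolicy -eq 1)
    }

    # Cross-check: .NET exposes the same policy to managed code.
    $dotNet = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms

    New-Object PSObject -Property @{
        ComputerName   = $env:COMPUTERNAME
        Source         = $source
        Enabled        = $enabled
        DotNetFipsOnly = $dotNet
    }
}

$state = Get-FipsPolicyState
$state | Format-List ComputerName, Source, Enabled, DotNetFipsOnly

if (-not $state.Enabled) {
    Write-Warning 'FIPS mode is off: SChannel is not restricted to FIPS-approved algorithms.'
}
elseif (-not $state.DotNetFipsOnly) {
    Write-Warning 'Registry says enabled but .NET disagrees; a reboot or policy refresh may be pending.'
}
```

Run it on each workstation or server that hosts PASSPORT sessions; a machine reporting "not configured" has neither registry value present and is not operating in FIPS mode.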
Get FIPS 140-2 Compliant Today, Save Money at the Same Time
If your organization uses desktop-based terminal emulation software from Attachmate®, IBM® or Micro Focus® (NetManage®) that does not support FIPS 140-2 security, please contact Zephyr to discuss the significant financial benefits and technical considerations associated with making an easy and hassle-free transition to the secure PASSPORT PC TO HOST solution that's also Certified for Windows Vista.