Search | Contact Us | Language | Cart

Secure FTP Server
Features
Feature Tour
Auditing and Reporting
HTTPS Add-On
SFTP (SSH2) Add-On
FIPS Validation
Compare Servers
Case Studies
System Requirements
What's New
Support
Webinar
Upgrade
Download
Purchase

Secure FTP Server FIPS

Why is FIPS Validation Important?

Most government agencies such as the Department of Defense require FIPS validation for the commercial systems they purchase to protect the integrity of data traffic traveling across their networks. Similarly, companies in the public sector such as healthcare, financial and manufacturing are under pressure to ensure that customer and patient information is secure when traveling across networks. To meet that need many companies in these markets are implementing the same FIPS standard mandated by the U.S. government.

What is FIPS 140-2 Validation?

The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information. The Cryptographic Module Validation Program (CMVP) is the accreditation program that validates cryptographic modules to this standard. The CMVP is a joint effort between the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the Government of Canada. Cryptographic Modules validated through the program are subjected to rigorous testing by independent, accredited Cryptographic Module Testing (CMT) laboratories.

Secure FTP Server with FIPS 140-2 Validation

With Federal Information Processing Standards (FIPS) 140-2 validation, customers can deploy GlobalSCAPE’s managed file transfer solutions knowing the embedded Cryptographic Module has met the highest possible security standards. This ensures that your file transfers are protected by best in class security.

Secure FTP Server - FIPS employs the FIPS 140-2 Validated GlobalSCAPE Cryptographic Module (GSCM) to provide secure transfer of information. This enhanced version of Secure FTP Server FIPS uses the validated cryptographic library to ensure that it operates using only FIPS approved algorithms for encryption of transferred data when using FTP over SSL (FTPS) and HTTP over SSL (HTTPS).

When Secure FTP Server - FIPS is started, a series of startup tests, including Known Answer Tests (KAT) and library-integrity checks, determine whether the GSCM is initialized successfully. If the GSCM is not initialized successfully, encryption services are disabled and the transfer of sensitive data is prevented.

For more details refer to the GlobalSCAPE Cryptographic Module Validation Certificate # 908 and the Cryptographic Module Validation Program website.

FIPS-Compliant Protocols and Ciphers

The Secure FTP Server - FIPS application supports all of the file transfer protocols currently supported by the non-FIPS version of Secure FTP Server (FTP, FTPS, SFTP, HTTP, and HTTPS). SSL protocols (FTPS or HTTPS) are FIPS-compliant protocols. The SSL library is loaded when the Server service is started, and a message box displays which protocols are in use and which of the protocols in use are FIPS compliant.

The FIPS-compliant protocols (HTTPS and FTPS) use the FIPS-approved algorithms provided by the FIPS 140-2 validated GlobalSCAPE Cryptographic Module (GSCM) for SSL/TLS and certificate generation. The full list of FIPS-approved cryptographic algorithms are in the table below.

The following cipher combinations are supported during SSL/TLS negotiation:

SSLv3/TLSv1 - RSA Key Exchange, RSA Authentication, 256 bit AES encryption, and SHA1 HMAC
SSLv3/TLSv1 - RSA Key Exchange, RSA Authentication, 168 bit 3DES encryption, and SHA1 HMAC
SSLv3/TLSv1 - RSA Key Exchange, RSA Authentication, 128 bit AES encryption, and SHA1 HMAC

Approved Cryptographic Algorithms

When operating in FIPS Mode, the GSCM provides the following FIPS-approved cryptographic algorithms:

Triple-DES
Advanced Encryption Standard (AES)
Digital Signature Algorithm (DSA)
Rivest, Shamir, Adleman (RSA) for Digital Signatures
Secure Hashing Algorithm (SHA-1 and SHA-2)
Keyed-Hash Message Authentication Code (HMAC)
ANSI X9.31 Appendix A.2.4 pseudo-random number generation

The following table summarizes the set of FIPS approved cryptographic algorithms:

Algorithm Type	Algorithm	Standard	Algorithm Validation Certificate	Use
Symmetric Cipher	Triple-DES, CBC, CFB8, CFB64, ECB, OFB modes	SP800-67	586	Encryption, Decryption
Symmetric Cipher	AES (128, 192, 256 bit keys), CBC, CFB8, CFB128, ECB, OFB modes	FIPS 197	618	Encryption, Decryption
Asymmetric Algorithm	RSA	ANSI X9.31 (Ref: 10), RSASSA-PKCS1_V1_5 (Ref: 11), RSASSA-PSS	287	Signature Generation, Signature Verification
Asymmetric Algorithm	DSA	FIPS 186-2	240	Signature Generation, Signature Verification
Message Digest	SHA-1 SHA-224 SHA-256 SHA-384 SHA-512	FIPS 180-2	666	Hashing
Message Authentication	HMAC-SHA-1 HMAC-SHA-224 HMAC-SHA-256 HMAC-SHA384 HMAC-SHA-512	FIPS 198	320	Integrity
Random Number Generation	ANSI X9.31 Appendix A.2.4	ANSI X9.31 Appendix A.2.4	388	Random Number Generation

Non-Approved Cryptographic Algorithms

When the GSCM is operating in FIPS-approved mode, a small subset of additional non-FIPS approved algorithms are allowed by the FIPS 140-2 standard and provided by the GSCM.

The following table summarizes the set of non-approved cryptographic algorithms allowed while in the FIPS-approved mode of operation.

Algorithm Type	Algorithm	Standard	Use
Asymmetric Algorithm	DH (provides 80 to 256 bits of equivalent encryption strength)	ANSI X9.42-2001 (Ref: 13	Key Agreement
Asymmetric Algorithm	RSA (provides 80 to 150 bits of equivalent encryption strength	PKCS #1 (Ref: 11)	Key Wrapping

Pricing and trial information

Buy Secure FTP Server FIPS now for $895. Request a free trial online or call us at 1-800-290-5054.