Federal institutions look for FIPS compliant software if the solution involves dealing with sensitive data belonging to the federal institutions of the United States of America. Let's explore what FIPS compliance is, and how to enable FIPS compliant mode in Securden solutions.
The National Institute of Standards and Technology (NIST) has set a list of standards for processing sensitive data for the federal institutions of the United States of America, called the Federal Information Processing Standards (FIPS).
FIPS 140-2 is an information processing standard concerned with validating the effectiveness of cryptographic components (both hardware and software). If a cryptographic component has a FIPS certificate, then it can be assumed that the component has been extensively tested and validated by the US and Canadian government approved laboratories.
Although FIPS is primarily a North American standard, it is widely adopted across many government organizations across the globe.
Securden uses OpenSSL for encrypting data during transmission. Normally (when not running in FIPS compliant mode), Securden uses the OpenSSL base provider, version 3.3.3.
When the FIPS compliant mode is turned on, the base OpenSSL is no longer used. Securden switches to an OpenSSL FIPS provider which is FIPS compliant.
The OpenSSL version 3.0.9 used by Securden is FIPS 140-2 compliant. You can check out the FIPS certificates of OpenSSL 3.0.9 by clicking on the links below.
Note:
When running in FIPS compliant mode, you cannot enforce data redundancy measures such as database backup or high availability on Securden instances that use PostgreSQL server as the backend database.
We recommend that you migrate the backend database to MSSQL server before enforcing FIPS compliance, so that you can still keep data redundancy measures in place.
Securden uses a different OpenSSL version for running in FIPS compliant mode. By using this version of OpenSSL, you can enforce FIPS compliance mode on the SSL encrypted communication between the Securden server and its peripheral components.
To run Securden in FIPS compliant mode, follow the steps below.
You have successfully turned the FIPS compliant mode ON in Securden.
You can verify that the FIPS mode is turned ON by viewing the error.log file available in the Securden installation folder.
As the image above shows, the error.log file will contain the following record:
OpenSSL has FIPS mode enabled
Optionally, you can check FIPS compliance by running the following commands in a Command Prompt on the Securden server.
$ set OPENSSL_MODULES=<Securden Installation Folder>\apache\oss_modules
$ set OPENSSL_CONF=<Securden Installation Folder>\apache\conf\openssl.cnf
$ openssl.exe list -providers
If you were running Securden with FIPS compliant mode turned OFF, then the result would be as follows.
name: OpenSSL Base Provider
version: 3.3.3
status: active
If you were running Securden with FIPS compliant mode turned ON, then the result would show the following in addition to the OpenSSL base provider details.
name: OpenSSL FIPS Provider
version: 3.0.9
status: active
The version of OpenSSL displayed shows that Securden has started running in FIPS compliant mode.
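The manual check above can be scripted so that it runs as part of a post-change verification or a periodic compliance check. The following Python script is an added example and is not part of Securden's product or documentation: it sets OPENSSL_MODULES and OPENSSL_CONF the same way as the commands above, runs `openssl list -providers`, and parses the output to confirm that a provider named "OpenSSL FIPS Provider" is reported as active; it also checks error.log for the record shown above. The installation folder is a placeholder you must replace, and the sample provider output embedded in the script is constructed in the shape shown above so the parser can be exercised without a Securden server.

```python
"""Verify that OpenSSL reports the FIPS provider as active (added example)."""
import os
import re
import shutil
import subprocess
from pathlib import Path

# Placeholder: replace with your Securden installation folder.
SECURDEN_HOME = Path(r"C:\Securden")
OPENSSL_EXE = "openssl.exe"
# Record written to error.log when FIPS mode is on (quoted from the page).
FIPS_LOG_RECORD = "OpenSSL has FIPS mode enabled"
FIPS_PROVIDER_NAME = "OpenSSL FIPS Provider"


def parse_providers(output: str) -> dict:
    """Parse `openssl list -providers` output into {name: {version, status}}.

    Each provider is listed as a label followed by indented name/version/status
    lines; a new "name:" line starts a new provider record.
    """
    providers = {}
    current = None
    for raw in output.splitlines():
        m = re.match(r"^(name|version|status):\s*(.+?)\s*$", raw.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key == "name":
            current = {}
            providers[value] = current
        elif current is not None:
            current[key] = value
    return providers


def fips_provider_active(output: str) -> bool:
    """True only if the FIPS provider is present AND reported as active."""
    fips = parse_providers(output).get(FIPS_PROVIDER_NAME)
    return fips is not None and fips.get("status") == "active"


def log_confirms_fips(log_text: str) -> bool:
    """True if error.log contains the FIPS-mode record."""
    return FIPS_LOG_RECORD in log_text


def run_provider_check(home: Path = SECURDEN_HOME) -> bool:
    """Run openssl with the Securden module/config paths and check the result."""
    env = dict(os.environ)
    env["OPENSSL_MODULES"] = str(home / "apache" / "oss_modules")
    env["OPENSSL_CONF"] = str(home / "apache" / "conf" / "openssl.cnf")
    result = subprocess.run([OPENSSL_EXE, "list", "-providers"], env=env,
                            capture_output=True, text=True, check=True)
    return fips_provider_active(result.stdout)


# Constructed sample output, in the shape `openssl list -providers` prints.
SAMPLE_FIPS_OFF = """Providers:
  base
    name: OpenSSL Base Provider
    version: 3.3.3
    status: active
"""
SAMPLE_FIPS_ON = SAMPLE_FIPS_OFF + """  fips
    name: OpenSSL FIPS Provider
    version: 3.0.9
    status: active
"""

if __name__ == "__main__":
    if shutil.which(OPENSSL_EXE):
        print("FIPS provider active:", run_provider_check())
        log_path = SECURDEN_HOME / "error.log"
        if log_path.exists():
            print("error.log confirms FIPS:",
                  log_confirms_fips(log_path.read_text(errors="replace")))
    else:
        # No openssl.exe on PATH: exercise the parser on the samples instead.
        print("sample FIPS OFF ->", fips_provider_active(SAMPLE_FIPS_OFF))
        print("sample FIPS ON  ->", fips_provider_active(SAMPLE_FIPS_ON))
```

The check deliberately requires both the provider name and the "active" status rather than grepping for the word "FIPS", so a FIPS provider that is present on disk but not loaded by the configuration is reported as a failure.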
If you need any assistance in running Securden on FIPS compliant mode, write to support@securden.com