Federal Information Processing Standard 140-2 (FIPS 140-2) validation is important to any vendor selling cryptography to the Federal market space. If your IT product utilizes any form of encryption, it will likely require validation against the FIPS 140-2 criteria by the Cryptographic Module Validation Program (CMVP) run jointly by the National Institute of Standards and Technology (NIST), in the United States and Communications Security Establishment (CSE) in Canada before it can be sold and installed in a Federal agency or DoD facility.
FIPS 140-2 describes US Federal government requirements that IT products should meet for Sensitive, but Unclassified (SBU) use. The standard was published by the NIST, has been adopted by the CSE, and is jointly administered by these bodies under the umbrella of the CMVP.
The standard defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. There are four levels of security: from Level 1 (lowest) to Level 4 (highest). These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be deployed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing. Please refer here for additional information regarding FIPS 140-2 requirements, including NIST links.
Veritas Validated Products List
Listed below are the Veritas products with a status as to whether a listed product is:
FIPS 140-2 validated
Product uses an existing encryption module (Veritas or 3rd party) and has gone through a "private label" validation process
Product uses an existing validated 3rd party module, but has not explicitly obtained a private validation from NIST
Product does not contain an encryption module
Not at this time
Product has an encryption module but is not FIPS 140-2 validated at this time
This snapshot in time below involves an in flux product line so there are no guarantees as to accuracy, but we try to keep this updated with the current status/FIPS 140-2 status per products. Veritas does not certify that all its software and hardware products, services or appliance solutions are compliant or validated per FIPS 140-2 requirements.
For questions regarding FIPS 140-2 statuses/content herein or to note an updated FIPS product status, please contact firstname.lastname@example.org.