Community Insights

Veritas_Logo_RED_1000x197.jpg

FIPS 140-2

Federal Information Processing Standard 140-2 (FIPS 140-2) validation is important to any vendor selling cryptography to the Federal market space. If your IT product utilizes any form of encryption, it will likely require validation against the FIPS 140-2 criteria by the Cryptographic Module Validation Program (CMVP) run jointly by the National Institute of Standards and Technology (NIST), in the United States and Communications Security Establishment (CSE) in Canada before it can be sold and installed in a Federal agency or DoD facility.

FIPS 140-2 describes US Federal government requirements that IT products should meet for Sensitive, but Unclassified (SBU) use. The standard was published by the NIST, has been adopted by the CSE, and is jointly administered by these bodies under the umbrella of the CMVP.

The standard defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. There are four levels of security: from Level 1 (lowest) to Level 4 (highest). These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be deployed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing.  Please refer here for additional information regarding FIPS 140-2 requirements, including NIST links.

Veritas Validated Products List

Listed below are the Veritas products with a status as to whether a listed product is:

  • FIPS 140-2 validated
    • Product uses an existing encryption module (Veritas or 3rd party) and has gone through a "private label" validation process
  • Compliant
    • Product uses an existing validated 3rd party module, but has not explicitly obtained a private validation from NIST
  • N/A
    • Product does not contain an encryption module
  • Not at this time
    • Product has an encryption module but is not FIPS 140-2 validated at this time

This snapshot in time below involves an in flux product line so there are no guarantees as to accuracy, but we try to keep this updated with the current status/FIPS 140-2 status per products.  Veritas does not certify that all its software and hardware products, services or appliance solutions are compliant or validated per FIPS 140-2 requirements. 

For questions regarding FIPS 140-2 statuses/content herein or to note an updated FIPS product status, please contact xyz@veritas.com.

VERITAS PRODUCT NAME STATUS HAS ENCRYPTION MODULE ENCRYPTION MODULE TYPE
APPLICATIONHA 6.1 Not at this time Yes OpenSSL
BACKUP EXEC 2014 FIPS Compliant Yes OpenSSL version 0.9.8y
CLEARWELL Not at this time Yes MS CAPI (Microsoft Crypto API)
CLUSTER SERVER 6.1 S64 LINUX FIPS Validated Yes OpenSSL
CLUSTER SERVER 6.1 UNIX FIPS Validated Yes OpenSSL
CLUSTER SERVER 6.1 WINDOWS Not at this time Yes OpenSSL
CLUSTER SERVER HA/DR 6.1 S64 LINUX FIPS Validated Yes OpenSSL
CLUSTER SERVER HA/DR 6.1 UNIX FIPS Validated Yes OpenSSL
CLUSTER SERVER HA/DR 6.1 WINDOWS Not at this time Yes OpenSSL
DATA INSIGHT 4.5 Not at this time Yes  
DISASTER RECOVERY ADVISOR 6.3 N/A No Veritas does not own source code
ENTERPRISE VAULT 11.0 FIPS Validated Yes Veritas Enterprise Vault Cryptographic Module (Software Version: 1.0)
NETBACKUP 7.6 BIOMNI FRONT OFFICE COMPLETE Not at this time Yes  
NETBACKUP 7.6 CROSS PLATFORM In Progress Yes OpenSSL 1.0.1
NETBACKUP 7.6 UNIX In Progress Yes OpenSSL 1.0.1
NETBACKUP 7.6 WIN/LNX/SOL X64 In Progress Yes OpenSSL 1.0.1
STORAGE FOUNDATION 6.1 S64 LINUX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL
STORAGE FOUNDATION 6.1 UNIX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL
STORAGE FOUNDATION HA 6.1 S64 LINUX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL
STORAGE FOUNDATION HA 6.1 UNIX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL
STORAGE FOUNDATION HA/DR 6.1 S64 LINUX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL
STORAGE FOUNDATION HA/DR 6.1 UNIX N/A No SF uses the PureDisk’s (PDDE) SDK which internally uses OPENSSL

Return to Global Certification Management Program Office.

Return to the Customer Trust Portal.

Comments

The email address on this needs to be updated to a Veritas address.