Reference › Supported Standards and Protocols › US Government Standards › FIPS Compliance

FIPS Compliance

FIPS 140-2 (Security Requirements for Cryptographic Modules) is a security accreditation program for cryptographic modules in software that is used by government departments and industries that deal with "sensitive, but not classified" information. Validation is coordinated by the National Institute of Standards and Technology (NIST).

• Text-based configuration: If you set up your directory to use text-based configuration files, it is compliant with FIPS.

  CA Directory utilizes an embedded cryptographic module that has been validated as meeting the Federal Information Processing Standards (FIPS) 140-2 Security Requirements for Cryptographic Modules.

• DXmanager: If you set up your directory to use DXmanager, it is not compliant with FIPS.

  The cryptographic libraries used by DXmanager and DXadmind are not FIPS 140-2 compliant. These libraries are also used to encrypt the XML configuration used by DXmanager.

See the NIST website at http://csrc.nist.gov/cryptval/140-1/140val-all.htm#608 for details of the RSA BSAFE® Crypto-C ME cryptographic services.