About
Federal Information Processing Standards (FIPS) Publication 140-2 specifies security requirements for cryptographic modules. The Federal government requires that all encryption is performed by FIPS validated cryptographic modules. This requirement is also typically required by State and Local governments, government contractors, and government services providers. FIPS validation is specifically required by FedRAMP, CJIS, NIST SP 800-171, and other compliance programs.
The rest of this article provides more specific detail about FIPS 140-2 compliance as it pertains to Virtru products.
FIPS 140-2 and Virtru
All of Virtru’s encryption algorithms comply with FIPS 140-2, however, not all Virtru clients leverage FIPS validated encryption modules. Of those that do leverage FIPS validated modules, not all clients are enabled in FIPS mode by default.
In most clients, we use 3rd-party encryption libraries that have been certified by, or for, companies such as Google, Microsoft, and Apple (more details below). As such, Virtru has not been required to go through a validation directly.
On certain Virtru plan levels, some Virtru clients support FIPS by default and others require additional configuration. If you need to ensure FIPS 140-2 compliance across Virtru clients in use, please refer to the chart below and contact support to confirm FIPS is enabled for your account. If you are not sure if your current Virtru plan includes FIPS compliance, please contact Virtru Sales.
The FIPS validation certificates used by each Virtru client:
Client |
Module Name |
CMVP Certificate |
Notes |
---|---|---|---|
Chrome Browser Plugin - Gmail |
OpenSSL |
#1747 |
FIPS mode is not enabled by default. Please contact Virtru Support to enable FIPS mode. |
Outlook Desktop Plugin |
Windows |
Varies by Windows version |
The Outlook Desktop Plugin leverages the encryption module of the underlying Windows operating system. Customers should ensure that Windows is configured in FIPS mode to ensure that Virtru leverages the FIPS validated Windows encryption module. For more information on configuring different Windows versions in FIPS mode, please refer to the following: FIPS 140-2 Validation |
iOS |
OpenSSL (<= iOS 12) or CoreCrypto (>= iOS 13) |
#1747 (<= iOS 12) or In Process (>= iOS 13 ) |
Beginning with iOS 13, iOS devices will leverage the underlying encryption module provided by Apple which is FIPS validated. |
On-premise Gateway |
Bouncy Castle |
#3152 |
Please contact your Customer Success Manager to request FIPS mode configuration. Note: If you are a current gateway customer this upgrade will be required first before any other actions can be taken on the Virtru side |
C++/Python SDKs |
BoringCrypto |
#3318 |
|
Clients not on this list do not currently leverage FIPS validated modules.