Features > Transfer Security > FIPS 140-2 Validation
Cerberus FTP Server
What is FIPS 140-2?
Available in: Professional | Enterprise | Enterprise Plus
Cerberus FTP Server FIPS 140-2 Compliance
Cerberus FTP Server uses an embedded FIPS 140-2-validated cryptographic module (Certificate #4282 using the OpenSSL 3 FIPS Provider Module) for all cryptographic operations and meets federal cryptographic requirements with FIPS 140-2 validated cryptography up to 256-bit AES encryption over SSL and SSH. This certificate will remain active through the FIPS 140-2 sunset date of 21 September 2026.
Cerberus will add FIPS 140-3 support when OpenSSL receives FIPS 140-3 validation, which will likely come at some point in 2024.
Meets all FIPS 140-2 cryptographic requirements
Certified by NIST/CSEC’s Cryptographic Module Validation Program
What is FIPS 140-2 Compliance?
In 2001, NIST‘s Federal Information Processing Standard (FIPS) publication 140-2 established a security standard for cryptographic modules used by the U.S. federal government in the collection, storage, transfer, sharing and dissemination of sensitive information. Most federal agencies and regulated industries must comply with the FIPS 140-2 standard by law, and all products sold to the federal government that use cryptographic modules must be FIPS 140-2 validated.
What Organizations Require FIPS-Compliant File Transfer?
The organizations below are required to use FIPS-compliant cryptography by law:
- U.S. federal and state government agencies that deal with citizens’ private information
- The U.S. military and its vendors working with sensitive but unclassified data
- Vendors, suppliers and third parties selling cryptographic modules to the federal government or using these modules in support of their services
Industries that deal with sensitive data requiring high levels of privacy for regulatory or security reasons will often require the FIPS 140-2 standard as well. These industries include:
- Financial institutions
- Information-processing vendors
- Healthcare-related organizations that fall under HIPAA regulation
- Educational institutions
- Utilities
However, the FIPS 140-2 standard can be used any organization that wishes to transfer files securely, safeguard business data, and protect its most critical information.
What Does it Mean to be FIPS 140-2 Compliant?
A FIPS-validated solution must use cryptographic algorithms and hash functions that meet the FIPS requirements. Specifically, a FIPS-validated solution must:
- Use algorithms and hash functions approved under FIPS 140-2 requirements
- Be validated by the joint NIST/CSEC Cryptographic Module Validation Program (CMVP)
FIPS 140-2 Resources:
- How to implement FIPS 140-2 cryptography and other security settings in Cerberus FTP Server
- Answers to common FIPS 140-2 support questions we receive
- Cerberus Has Moved to OpenSSL 3
- The difference between FIPS 140-2 and 140-3
- How to Ensure HIPAA Compliance on Your FTP/SFTP/FTPES Server
- Our plans for FIPS 140-3 validation
Full Feature List
Protocols
FTP, FTP/S, SFTP, SCP, HTTP/S
Transfer Security
SSH, SSL, FIPS 140-2
MFT Automation
Event, Alert & Sync Tools
Environment
Windows Server, Cloud & Virtual
Access Protection
IP, User & Protocol Restriction Tools
Account Management
AD, LDAP, 2FA, SSO & More
Auditing and Reporting
File Access, User & Admin Logging
Administration Tools
API, Sync Manager, & Other Tools
Industry Solutions
Cerberus FTP Server Editions
Professional
Secure file transfer server for Windows
- FTP, FTPS, SFTP & SCP
- IP access controls
- Groups & virtual directories
- Web admin & SOAP API
- AD/LDAP integration
- FIPS 140-2 encryption
- Server replication
- Phone & email support
$999 / year
Enterprise
Enhanced automation & security
- All Professional features
- HTTP/S web client
- Azure AD SSO support
- Event automation & alerts
- File retention policies
- Ad hoc file sharing
- Advanced stats & reporting
- Phone & email support
$2,499 / year
Enterprise Plus
Mission-critical performance & support
- All Enterprise features
- Scalable global solution
- 24/7/365 severity 1 support
- Rogue transfer detection
- Performance testing
- Automated network scanning
- Upgrade & migration support
- DR, test & dev licenses
$4,999 / year
Raved and Reviewed
Here’s what a few of our many satisfied customers have to say about Cerberus FTP Server.
“Our users have found Cerberus to be straightforward. We have handled many service tickets over the past three years, and Cerberus has had the least number of issues, by far.”
“We’ve been using Cerberus for at least five years, and it’s been awesome. Everything’s been very simple and easy, and we haven’t come across any limitations. It always just seems to work.”
“It’s not designed to be complicated, and it doesn’t need to be managed. I can hire someone new and they can be up to speed in minutes. Everyone on the team loves it.”
Latest News
How to Secure an FTP or SFTP Server – 8 Essential Tips
Companies are a favorite target of today’s hackers, and one of the most common threat vectors is an organization’s file transfer system. To help you protect your business, we’ve put together these eight essential tips for securing an FTP or SFTP server. 1. Use strong...
Automate Cisco Unified Communications Manager (CUCM) Backup Using SFTP
In the new era of hybrid and remote work, Cisco Unified Computing System Manager (UCSM) and Cisco Unified Communications Manager (CUCM) have become even more critical administrative tools. The top two topics that the Cerberus support team receives regarding UCSM and...
Evaluating Methods to Securely Transfer Cisco Firmware Updates
The typical system administrator manages over 20 devices, and when it comes to network infrastructure there’s a good chance that those devices are made by Cisco. This ubiquity makes Cisco software and firmware updates a multi-day chore for many admins, and the volume...