One of our most-visited help articles is “How can I make Cerberus FTP Server secure?”
In that article, we mention FIPS 140-2, but we still get quite a few emails from customers asking whether they should be using FIPS 140-2 mode in Cerberus. So let’s dig into everything you need to know about the Federal Information Processing Standard (FIPS) publication 140-2.
What is FIPS 140-2?
FIPS 140-2 is a U.S. government standard, published by the National Institute of Standards and Technology (NIST), that specifies the security requirements a cryptographic module must meet to be validated for federal use. Enabling FIPS 140-2 mode restricts Cerberus FTP Server to a FIPS 140-2 validated cryptographic module and to the ciphers, key-exchange and hashing algorithms approved under it, so that every encrypted connection uses only approved algorithms. This is an assurance about validation and compliance, not a claim that approved algorithms are stronger than every unapproved one.
It is important for Cerberus to support FIPS 140-2 because some organizations are only permitted to protect the data they transmit with approved algorithms from a validated module.
What organizations should use FIPS 140-2?
FIPS 140-2 validation is mandatory for cryptographic modules used by U.S. federal government departments that collect, store, transfer, share or disseminate sensitive but unclassified (SBU) information. This applies to all federal agencies and to their contractors and service providers, including networking and cloud service providers.
If you fall under the above organizations, you will want to enable FIPS 140-2 mode in Cerberus.
Couldn’t I just use an encrypted protocol like SFTP?
Not on its own. SFTP encrypts the connection, but the mandate is that the cryptography come from a FIPS 140-2 validated module using only approved algorithms; an SFTP session negotiated with a non-approved cipher, key exchange or MAC does not meet it even though the traffic is encrypted. Beyond the risk of exposing your data to the wrong individuals, falling short of the mandate can result in regulatory fines, civil damages, loss of revenue and more. Read more about SFTP here.
I don’t fall under any of the organizations you mentioned, could I still use FIPS?
Yes. We strongly recommend taking advantage of FIPS 140-2's assurance, especially for customers who require a HIPAA-compliant file transfer system.
Keep in mind that once FIPS mode is enabled, the FTP or SFTP client on the other end must offer at least one approved algorithm in each category (cipher, key exchange and MAC), or the connection will fail during algorithm negotiation. So while FIPS mode guarantees that only approved algorithms are used to protect your data, it also reduces compatibility: a client that offers only non-approved ciphers will not be able to exchange files with you.
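To make the compatibility point concrete, here is an added example (not Cerberus code) that simulates SSH/SFTP algorithm negotiation as defined in RFC 4253: for each category the server picks the first algorithm in the client's preference list that it also supports. The server lists, the two hypothetical clients (MODERN_CLIENT and LEGACY_CLIENT) and the "approved" algorithm sets are constructed for illustration only; they are not Cerberus's actual configuration, and the authoritative approved list is NIST's, not this script's.

```python
"""Simulated SSH algorithm negotiation (RFC 4253, section 7.1) between a
server restricted to FIPS-approved algorithms and two hypothetical clients.

Added example, not Cerberus code. All algorithm lists are constructed for
illustration; check NIST's approved-algorithm lists and your product's
documentation for the authoritative set.
"""

# Hypothetical FIPS-mode server: only approved algorithms are offered.
FIPS_SERVER = {
    "kex": [
        "ecdh-sha2-nistp256", "ecdh-sha2-nistp384",
        "diffie-hellman-group14-sha256", "diffie-hellman-group16-sha512",
    ],
    "cipher": [
        "aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
        "aes256-ctr", "aes128-ctr",
    ],
    "mac": ["hmac-sha2-256", "hmac-sha2-512"],
}

# Hypothetical client with modern-style defaults: non-approved algorithms
# are preferred, but approved ones are also offered further down the list.
MODERN_CLIENT = {
    "kex": ["curve25519-sha256", "ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"],
    "cipher": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes256-gcm@openssh.com"],
    "mac": ["umac-64-etm@openssh.com", "hmac-sha2-256"],
}

# Hypothetical client hard-wired to non-approved algorithms only.
LEGACY_CLIENT = {
    "kex": ["curve25519-sha256", "diffie-hellman-group1-sha1"],
    "cipher": ["chacha20-poly1305@openssh.com", "arcfour256", "blowfish-cbc"],
    "mac": ["hmac-md5", "umac-64@openssh.com"],
}


def negotiate_one(client_list, server_list):
    """RFC 4253 rule: the first algorithm in the client's preference order
    that the server also supports wins; None means no common algorithm."""
    for alg in client_list:
        if alg in server_list:
            return alg
    return None


def negotiate(client, server):
    """Return {category: chosen_algorithm} when every category resolves.

    Raises ValueError naming the first category without a common choice,
    which is the point at which a real server would close the connection
    with a "no matching <category> found" error."""
    chosen = {}
    for category in ("kex", "cipher", "mac"):
        alg = negotiate_one(client[category], server[category])
        if alg is None:
            raise ValueError(
                f"no matching {category}: client offered {client[category]}, "
                f"server accepts {server[category]}"
            )
        chosen[category] = alg
    return chosen


def can_connect(client, server):
    """True if the client and server can agree on every algorithm category."""
    try:
        negotiate(client, server)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("modern client:", negotiate(MODERN_CLIENT, FIPS_SERVER))
    try:
        negotiate(LEGACY_CLIENT, FIPS_SERVER)
    except ValueError as err:
        print("legacy client: connection refused,", err)
```

The modern client connects even though its first choice in every category is unapproved, because the server simply skips down to the first approved algorithm it offers; the legacy client fails at key exchange before a cipher is even considered. With a real OpenSSH client you can list what it is able to offer with `ssh -Q kex`, `ssh -Q cipher` and `ssh -Q mac` and compare that against the algorithms your FIPS-mode server accepts.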
What FTP Clients work with FIPS 140-2 mode?
Not all clients support FIPS mode, because it restricts the server to a specific set of approved ciphers and key-exchange methods that not every FTP client implements. Clients tested and known to work with Cerberus include:
How do I enable FIPS 140-2 in Cerberus?
To enable FIPS 140-2 mode, check the Enabled FIPS 140-2 mode box in the General section of the Security page. After enabling it, test a connection from each client you rely on, since any client that offers only non-approved algorithms will be rejected.