FIPS 140-2 Certification.
However it may help in the short term to note that we provide a FIPS compliant version of SFTPPlus using the OpenSSL FIPS object Module by Open Source Software Institute which is FIPS 140-2 validated and certified by NIST - Certificate No. 733. The certificate states: "......Products which use the above identified cryptographic module may be labeled as complying with the requirements of FIPS 140-2 .....".
The Security Policy for the OpenSSL FIPS Object module is available here by pdf download. (1,363kb 45 pages).
CASE STUDY - an example of usage - Transferring data to the FSA using System to System Interface
The Financial Service Authority (FSA) is in the process of implementing the interfaces for Transaction Reporting System (TRS) Product Sales Data (PSD) and Securities Trades Reporting (Markets) XML documents using the System to System Interface.
The FSA has not recommended any specific tools for this transfer, but has provided links to web resources which can be used to identify appropriate SFTP client tools.
The current choice of tools for SFTP transfers is very large, but generally these are designed for interactive use, and provide little in the way of automated operations or audit trail for the client.
To address this need, Pro:Atria Ltd offer SFTPPlus, which draws on extensive enterprise level experience to provide automation and auditing for SFTP clients.
SFTPPlus provides an easily configured service, which will transfer files using SFTP to predefined destinations. It also has the ability to collect response files, with configurable names and time intervals.
With a combination of trusted open source tools and a flexible, configurable controlling service, SFTPPlus is ready for the FSA launch and adaptable for future requirements.
SFTPPlus has been designed to meet these and other requirements, and has sample configurations provided for both the FSA and Council for Mortgage Lending (CML) reporting environments. It is designed to be easily configured for future systems from these and other regulators as well as corporate requirements (for secure file transfer internally and with business partners) and compliance with HIPAA, SOX, Privacy and Data Protection laws in scenarios including NHSnet MTAs (NHS Messaging Service).
Enquiries:firstname.lastname@example.org or use our Sales Enquiry form. Our sales and pre-sales technical teams will promptly respond.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)