FIPS 140-2 Compliant Emails

What is FIPS 140-2

The Federal Information Processing Standard (FIPS) 140-2 is a set of standards that govern the use of cryptographic technology, and FIPS compliance is required by all U.S. government agencies and the contractors and vendors who work with them. The FIPS 140-2 regulations stipulate that hardware or software cryptographic modules must use algorithms from an approved list when protecting data at rest and in motion.

FIPS 140-2 Compliant Downloads

The download page offers FIPS 140-2 compliant installers for Microsoft Windows and Linux operating systems. These installers use NIST-approved cryptography modules to ensure that only approved SSL/TLS ciphers are allowed during the SSL/TLS handshake.

How To Stay Compliant

Being a 100% on-premise solution, Xeams puts you in control when it comes to regulatory compliance. Two components are involved when ensuring you stay FIPS compliant:
  1. In-Transit Communication
  2. At-Rest Security

In-Transit Communication via Email

FIPS-enabled computers can only connect to servers that offer FIPS-compliant ciphers for SSL/TLS (Secure Sockets Layer/Transport Layer Security). For an email server to be compliant, it must support at least one SSL/TLS cipher suite whose signing, hashing, and encryption algorithms are all FIPS-approved.

Using configurable parameters, you can change both the version of TLS used by Xeams and the ciphers it allows during SSL/TLS communication.
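To verify the result of such a configuration from the outside, the following added example (not part of Xeams or its documentation) connects to an SMTP server, negotiates STARTTLS, and checks the negotiated protocol version and cipher suite against a conservative cipher policy. The host name, port and the policy itself are assumptions; the authoritative list of approved algorithms is the security policy of the validated module, and this script only rejects ciphers that are clearly outside it.

```python
import smtplib
import ssl

# Conservative policy (assumption, not Xeams' own list): TLS 1.2 or newer,
# AES bulk encryption and SHA-2 integrity/PRF. Suites using any of these
# primitives are rejected outright.
NON_APPROVED = {
    "RC4", "MD5", "DES", "3DES", "CBC3", "NULL", "ANON", "EXPORT", "EXP",
    "CHACHA20", "POLY1305", "IDEA", "SEED", "CAMELLIA", "ARIA", "PSK",
}
APPROVED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}


def evaluate_cipher(name, protocol, bits):
    """Return (ok, reason) for the (name, protocol, bits) tuple that
    ssl.SSLSocket.cipher() reports. Handles OpenSSL names such as
    ECDHE-RSA-AES256-GCM-SHA384 and IANA names such as TLS_AES_128_GCM_SHA256."""
    tokens = set(name.upper().replace("-", "_").split("_"))
    if protocol not in APPROVED_PROTOCOLS:
        return False, f"protocol {protocol} is below TLS 1.2"
    bad = tokens & NON_APPROVED
    if bad:
        return False, f"non-approved primitive(s): {', '.join(sorted(bad))}"
    if not any(t.startswith("AES") for t in tokens):
        return False, "bulk cipher is not AES"
    if not tokens & {"SHA256", "SHA384"}:
        return False, "integrity/PRF is not SHA-256 or SHA-384"
    if bits not in (128, 256):
        return False, f"unexpected key size {bits}"
    return True, "approved"


def check_smtp_starttls(host, port=587, timeout=10):
    """Negotiate STARTTLS with an SMTP server and evaluate what was agreed.
    The client itself refuses anything below TLS 1.2, so a server that
    cannot negotiate TLS 1.2+ fails with an SSL error rather than passing."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        name, protocol, bits = smtp.sock.cipher()  # sock is now an SSLSocket
    ok, reason = evaluate_cipher(name, protocol, bits)
    return {"cipher": name, "protocol": protocol, "bits": bits,
            "ok": ok, "reason": reason}


if __name__ == "__main__":
    import sys
    # Hypothetical target: replace with the Xeams host and its submission port.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 587
    print(check_smtp_starttls(target, port))
```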

At-Rest Security

At-Rest security is achieved by hardening the operating system and restricting access to the machine where Xeams is installed. Refer to Microsoft's 140-2 Validation for further details on how to ensure the machine is secure. Additionally, at-rest security is enhanced when combined with end-to-end encryption, as described below.

End-To-End Encryption

In addition to the in-transit and hardware-level security, Xeams also offers End-To-End encrypted emails, which ensures that only the intended recipient can view sensitive emails.

Xeams offers two methods for end-to-end encryption:

  • Web-based - Allowing recipients to view their sensitive emails through Xeams' web interface running on your end.
  • PDF - Xeams can convert sensitive emails into a password-protected PDF file, which can only be viewed by the intended recipient.

Large Attachments

When combined with SynaMan's Embedded SMTP Server, Xeams can detach any large attachments from both inbound and outbound emails, allowing users to then download the files using an HTTPS server.

FIPS Compliant Certification and Module

The FIPS compliant installers for Xeams use the following module:

Module Name: Bouncy Castle FIPS module.
Certification Number: 3514
Certificate Date: 8th February 2022