FIPS 140-2 Compliant Emails
What is FIPS 140-2
The Federal Information Processing Standard (FIPS) 140-2 is a set of standards
that govern the use of cryptographic technology, and FIPS compliance is required
by all U.S. government agencies and the contractors and vendors who work with them.
The FIPS 140-2 regulations stipulate that hardware or software cryptographic modules
must use algorithms from an approved list when protecting data at rest and in motion.
How To Stay Compliant
Being a 100% on-premise solution, Xeams puts you in control when it comes to regulatory compliance.
Two components are involved when ensuring you stay FIPS compliant:
- In-Transit Communication
- At-Rest Security
In-Transit Communication via Email
FIPS-enabled computers can only connect to servers with FIPS-compliant ciphers for SSL/TLS
(Secure Sockets Layer/Transport Layer Security). For an email server to be compliant, it must use at
least one SSL/TLS cipher mechanism for signing, hashing, and encryption.
Using configurable parameters, you can not only change the version of TLS used in Xeams but can also specify ciphers used
during SSL communication.
At-Rest security is achieved by hardening the operating system and restricting access to the machine where Xeams is installed.
Refer to Microsoft's 140-2 Validation for further details on how to ensure the machine is secure.
In addition to the in-transit and hardware-level security, Xeams also offers End-To-End encrypted
emails, which use strong AES encryption to convert emails into password-protected PDF files that
can only be viewed by intended recipients.
When combined with SynaMan's Embedded SMTP Server, Xeams can detach any large attachments
from both inbound and outbound emails, allowing users to then download the files using an HTTPS server.