Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
0 votes
6k views
in FAQ: edtFTPj/PRO by (51.1k points)
closed by
Is edtFTPj/PRO FIPS-140 certified?
closed with the note: Answered

1 Answer

0 votes
by (20.4k points)
 
Best answer

The answer is no. Karl Levinson at SecLists.Org explains it very clearly.
This quote explains the main reason why our products are not FIPS-140 or FIPS-140-2 certified:

FIPS certification is probably expensive and time consuming for the vendor, so that the products that get it would tend to be older products from larger, more monolithic companies, which may not necessarily guarantee you're getting superlative security.

And here's an illustration of how FIPS-140 certification can actually result in a lower level of security:

With MS Windows, for example, you probably don't want to enable "FIPS-compliant encryption mode," because an older, weaker encryption algorithm will be used for EFS disk encryption, rather than newer, stronger but uncertified protocols.

- Hans Andersen (EnterpriseDT)

...