Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
0 votes
7.9k views
in FAQ: CompleteFTP by (51.7k points)
retagged by
Is CompleteFTP FIPS-140 certified?

1 Answer

0 votes
by (20.4k points)
 
Best answer

People often ask us if CompleteFTP is FIPS-140 certified.

The answer is no, but from from version 6.3.0, CompleteFTP will run correctly when Use FIPS compliant algoritms for encryption, hashing, and signing, is enabled on the Windows machine it is installed on. Applications are permitted to disable FIPS compliance, and CompleteFTP does this so that it can still be run.

According to Karl Levinson, there are good reasons not to pursue FIPS-140 compliance.

Firstly, the cost.

FIPS certification is probably expensive and time consuming for the vendor, so that the products that get it would tend to be older products from larger, more monolithic companies, which may not necessarily guarantee you're getting superlative security.

Secondly, FIPS-140 certification can actually result in a lower level of security:

With MS Windows, for example, you probably don't want to enable "FIPS-compliant encryption mode," because an older, weaker encryption algorithm will be used for EFS disk encryption, rather than newer, stronger but uncertified protocols.

- Hans Andersen (EnterpriseDT)

by (100 points)
The link seems no longer valid (I get a completely blank page) and I'm curious for your reasons as FIPS-140 certification would go a long way to getting completeFTP accepted as a viable solution in my company. Can you provide another link to the content?
...