Back to Community Threads
2
FIPS Complience and Certification(s)
Question asked by Bruce Barnes - 8/13/2015 at 10:22 PM
Unanswered
Great work on the latest upgrade of SmarterMail, guys!

Now that SmarterMail 14.2.5703 is FIPS complaint, will SmarterTools be submitting SmarterMail to be  listed in the FIPS database of complaint products?
 
Here's the current list, as of today, Friday, 14 August, 2015, and it's not listed yet:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm

It would also be nice to get some kind of FIPS 114-2 compliance certification statement from SmarterTools as this would be the first step in creating a FIPS 114-2, Level 4 compliant hosting center and could be a huge selling tool. 

FIPS 140-2 defines four levels of security, simply named "Level 1" to "Level 4". It does not specify in detail what level of security is required by any particular application.
  • FIPS 140-2 Level 1 the lowest, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
  • FIPS 140-2 Level 2 adds requirements for physical tamper-evidence and role-based authentication.
  • FIPS 140-2 Level 3 adds requirements for physical tamper-resistance (making it difficult for attackers to gain access to sensitive information contained in the module) and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces.
  • FIPS 140-2 Level 4 makes the physical security requirements more stringent, and requires robustness against environmental attacks.

 

A PDF on maintaining continued FIPS 140-2 compliance is available here:
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
TLS 1.0/1.1 Deprecation InformationGeneral Topics
Automatic SSL Certificates on a New SmarterMail ServerSmarterMail > Server Configuration and Management
Integrating Existing SSL Certificates With SmarterMail Automated SSL CertificatesSmarterMail > Server Configuration and Management
Manually Securing SmarterMail Using Let's Encrypt and Certify the WebSmarterMail > Installation and Configuration