FIPS-Certified Library

FIPS mode is included in the Advanced Security module in EFT Enterprise. In EFT Express, FIPS mode requires the Express Security module. If the module is not licensed, then when the trial expires, EFT can no longer operate in FIPS mode. If the module has expired when you attempt to start a Site on a Server that has FIPS mode enabled, an error message appears in the administration interface, and an error message is sent to the Event Log.

The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information. When the EFT service is started, if FIPS is enabled, a message displays which protocols are in use and which of the protocols in use are FIPS certified. When you enable FIPS, the ciphers, key lengths/types, and hash lengths/types that are not FIPS-approved are not available, and an initialization routine executes a series of startup tests that set the cryptographic module into a FIPS-approved operational state.

After you enable or disable FIPS mode,  you must restart the EFT server service.

If a FIPS-approved state cannot be achieved when FIPS is enabled, all Sites will stop, and an error message appears in the Windows Event Log and the EFT administration interface. After you dismiss the message, the EFT administration interface closes.

Related topics