The encryption module (SSH Cryptographic Library Software Version 1.2.0) used in SSH TectiaTM Client/Server 4.0 has been awarded the United States Level 1 Federal Information Processing Standards (FIPS) 140-2 certification. In addition to current availability (SSH Tectia Client/Server 4.0), the FIPS 140-2 approved cryptographic module will also be available in future releases of SSH Tectia client/server software.
The Cryptographic Module Validation (CMV) Program of the U.S. National Institute of Standards and Technology (NIST) provides specifications for software and hardware products that employ cryptographic algorithms, cryptographic key generation and distribution techniques. Authentication techniques that are FIPS 140-2 approved are certified for protecting U. S. Federal Government unclassified information. Vendor products are tested for compliance to these specifications by NIST-approved testing laboratories. In accordance with the NIST certification guidelines, the SSH cryptographic module has been certified at Level 1, which defines software cryptographic functions to be performed in a general purpose PC without any additional hardware security mechanisms.
"Protecting various agencies of the U.S. Government from unauthorized access to sensitive data has become even more critical in today's environment," said George Adams, president and CEO of SSH Communications Security, Inc. "We are delighted not only to have this all-important validation of the robustness of our encryption methodology, but also to be doing our part to help ensure that U.S. Government communications are secure."
Tests performed by the NIST validated several algorithms implemented in the crypto module used in SSH Tectia, including AES, Triple DES, DSA and SHA-1, giving it approval for use in Federal agencies within the context of a complete security program. Many U.S. Government organizations are already using SSH's Secure Shell-based technology, even before the option for FIPS 140-2 crypto module use is available. These include the U.S. Army, U.S. Navy, U.S. Marine Corps, U.S. Air Force, the Department of Defense, the Department of Justice, Lawrence Livermore National Labs, NASA, the Naval Air Warfare Center, and others.
SSH Tectia is an enterprise class suite of security solutions based on SSH's industry leading technologies. SSH Tectia client/server solution is based on the award-winning SSH Secure Shell used by millions worldwide. SSH Tectia enables end-to-end secure communications throughout the internal and external network. SSH Tectia provides transparent strong encryption and authentication and easily integrates into heterogeneous, multi-platform environments. SSH Tectia's management capabilities allow for easy scalability and centralized policy deployment.