FIPS Mode

SecureCRT


Federal, state, and local government agencies, critical infrastructure providers like public utilities, and private sector organizations that do business over the public network with these agencies must use encryption that meets the FIPS 140-2 standard.

If you need to protect data in transit as outlined by FIPS 140-2 or NIST 800-53, SecureCRT has an administrator option to run in "FIPS Mode". When this option is set, SecureCRT will use a FIPS 140-2 validated cryptographic library and only allow FIPS-approved algorithms.

VanDyke Software has partnered with RSA Security, Inc. to use the BSAFE Crypto-C Micro Edition cryptography module which has been tested by Atlan Laboratories, an accredited testing laboratory for FIPS compliance. This module has met all Level 1 requirements for FIPS 140-2 compliance when operated in FIPS mode.

The following FIPS-approved Cryptographic algorithms are used: DSA (Cert. #143); Triple-DES (Cert. #378); AES (Cert, #303); RSA (Cert. #96); SHA-1; Diffie-Hellman (used for key exchange in SSH2 is allowed in FIPS mode but not approved).

The following algorithms are not available in FIPS mode: MD5; Twofish; Blowfish; RC4.

Enabling FIPS Mode

To run SecureCRT in FIPS mode, you must first configure the Microsoft Management Console (MMC) to recognize the VanDyke Software administrative template (.adm) file; once this is done, you can enable FIPS mode by completing the follow steps:

1.   In MMC, navigate to VanDyke Software Settings and select the Enable FIPS Mode setting.

2.   Open the Properties dialog by selecting Properties from the Action menu.

3.   On the Setting tab, select Enabled.  Press the OK button to save the change.

FIPS mode will be enabled the next time SecureCRT is started.