Open with table of contents

Operating in FIPS mode

FIPS (Federal Information Processing Standards) is a set of standards developed by the United States Federal Government for use in computer systems. FIPS 140-2 is the subset of standards which defines approved encryption algorithms used for handling sensitive information.

If your Clearswift ARgon for Email has been pre-configured to operate in FIPS Mode, the cryptographic modules used by the ARgon Server are compliant with FIPS-140-2.

Consequently, in FIPS mode, you will not be able to do the following:

• Use PGP encryption or decryption
• Set PGP endpoint defaults
• Import or extract PGP keys
• Apply password encryption
• View PGP or Password encryption statistics

Tell me about...

• FIPS-140-2 and the Clearswift ARgon for Email

  Many organizations handle sensitive information on a regular basis. Government departments, financial institutions and other high security industries require a recognized level of security when exchanging information. FIPS-140-2 provides approved standards for message encryption and data handling, and is a key requirement for an increasing number of organizations. In FIPS Mode, the Clearswift ARgon for Email is compliant with this requirement.

  FIPS Mode provides confidence that the ARgon Server is handling sensitive and unclassified information to the FIPS 140-2 standard required by US Federal Government.

• FIPS and Peered ARgon Servers

  FIPS-enabled Email ARgon Servers can be peered with other FIPS enabled ARgon Servers. However, FIPS compliance can not be extended to ARgon Server Peers which are not FIPS enabled.

• Backing up and Restoring FIPS Configurations

  You can only restore FIPS configurations to a FIPS enabled ARgon Server. This ensures FIPS compliance is maintained consistently on your ARgon Server or across your ARgon Server Peers.

  You cannot restore a non-FIPS configuration to a FIPS enabled ARgon Server. You cannot restore a FIPS configuration to a non-FIPS enabled ARgon Server.

• ARgon Server services which operate in FIPS Mode

  The following services use FIPS-approved cryptography:

  • SMTP mail services
  • SpamLogic
  • Policy Enforcement
  • Encryption

• FIPS Mode and S/MIME signatures

  If a ARgon Server is FIPS enabled, weaker S/MIME signatures (for example, signatures from a non-FIPS enabled ARgon Server) will be identified as 'Unknown'.

• Areas of Non-Compliance

  There are a number of processes that are necessary to the operation of the ARgon Server which are currently not FIPS compliant. These are described in detail in the FIPS Areas of Non Compliance topic in the Reference section.

How do I...

• Find out whether my ARgon Server is using FIPS mode?

  From the ARgon Server Home page, click System > Logs & Alarms.

  Select the System Logs tab.

  If the FIPS Audit log is enabled, the ARgon Server is operating in FIPS Mode.

  If the FIPS Audit log is disabled, the ARgon Server is not operating in FIPS Mode.

  Alternatively:

  From the ARgon Server Home page, click System > Encryption > Encryption/Decryption Defaults.

  If your ARgon Server is operating in FIPS Mode, the following warning message is displayed:

  While using Clearswift ARgon for Email in FIPS mode you will be unable to use PGP or Password as Encryption/Decryption options.

• Enable or Disable FIPS Mode?

  FIPS mode is selected during the installation of Clearswift ARgon for Email. It cannot be enabled (or disabled) without re-installing the ARgon Server.