Privilege Management for Unix and Linux FIPS 140-2 Compliance Statement

Summary

The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS 140-2) is a U.S. government computer security standard used to accredit cryptographic modules.

This document details the FIPS 140-2 approved third-party cryptographic modules used in BeyondTrust Privilege Management for Unix and Linux.

The compliance of Privilege Management for Unix and Linux with FIPS 140-2 is ensured by the use of exclusively FIPS 140-2 compliant, third party cryptographic algorithms, and using the algorithms as the only providers of cryptographic services as applicable for product operation.

 

Cryptographic algorithms are only used if High Security is enforced.

Third-Party Cryptographic Modules

Product Area Encryption Library Manufacturer, Version
All data encryption and network communications

AES-128

AES-192

AES-256

3DES

SHA-256

FIPS compliant OpenSSL OpenSSL, 1.0.2a
Binary file checksum and Authentication HASH for REST services MD5 Source built into the product Derived from Open Source code originally written by Colin Plumb 1993