The National Institute of Standards and Technology (NIST) defines and maintains the Federal Information Processing Standards (FIPS). NIST publishes and enforces these standards to ensure consistent and secure cryptographic practices across federal agencies. OpenEdge supports FIPS 140-3 certified cryptographic modules. The FIPS 140 standard requires more than the use of a set of NIST-approved algorithms. It also addresses the implementation and integrity of cryptographic modules, including:

  • Certification from the Cryptographic Module Validation Program (CMVP): The cryptographic module must be certified under the CMVP, which involves testing by a NIST-accredited independent lab.

  • Startup Self-Test: The module must perform a self-test at startup to verify its integrity and correct operation.

  • Authenticated Role Access: Access to cryptographic functions must be restricted based on authenticated roles.

  • Tamper Resistance: The module must include mechanisms to detect and respond to physical or logical tampering attempts.

  • Encryption Key Management: Secure generation, storage, distribution, and destruction of encryption keys must be implemented.

  • Module Integrity: The software product must ensure the module has not been replaced or altered, using integrity checks.
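
The Startup Self-Test and Module Integrity items can be pictured with a small sketch: a module that recomputes a keyed hash over its own code and runs a known-answer test before it offers any service. This is an added illustration, not OpenEdge code or the logic of any certified module; the `ToyModule` class, the integrity key, and the module image bytes are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample values: stand-ins for a module's code image and integrity key.
MODULE_IMAGE = b"constructed stand-in for the module's executable code"
INTEGRITY_KEY = b"constructed-integrity-key"
# Tag recorded when the module was built; recomputed and compared at every start.
EXPECTED_TAG = hmac.new(INTEGRITY_KEY, MODULE_IMAGE, hashlib.sha256).digest()

# Known-answer test vector: SHA-256 of the ASCII string "abc".
KAT_INPUT = b"abc"
KAT_DIGEST = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


class ModuleError(RuntimeError):
    """Raised when a service is requested while the module is not operational."""


class ToyModule:
    def __init__(self):
        self.state = "powered_off"

    def power_on(self, image: bytes) -> str:
        """Run the integrity check and known-answer test before offering services."""
        tag = hmac.new(INTEGRITY_KEY, image, hashlib.sha256).digest()
        integrity_ok = hmac.compare_digest(tag, EXPECTED_TAG)
        kat_ok = hashlib.sha256(KAT_INPUT).hexdigest() == KAT_DIGEST
        self.state = "operational" if (integrity_ok and kat_ok) else "error"
        return self.state

    def digest(self, data: bytes) -> str:
        """A cryptographic service; unavailable unless the self-tests passed."""
        if self.state != "operational":
            raise ModuleError(f"module is in state {self.state!r}; service refused")
        return hashlib.sha256(data).hexdigest()


def demo() -> dict:
    good, tampered = ToyModule(), ToyModule()
    results = {"good": good.power_on(MODULE_IMAGE),
               "tampered": tampered.power_on(MODULE_IMAGE + b"\x90")}
    try:
        tampered.digest(b"payload")
        results["tampered_service"] = "served"
    except ModuleError:
        results["tampered_service"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

A module whose image no longer matches the recorded tag enters an error state and refuses every request, which is the behaviour the two list items describe.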