Your application may or may not have to adhere to a particular FIPS standard. Your application may benefit from using NIST-approved algorithms or may require full FIPS certification, which requires CMVP validation and certification from a third-party, NIST-accredited lab. Identify your requirements and next steps.

Security requirement Next steps
Use stronger encryption algorithms No additional license required.
  • Replace existing encryption algorithms with NIST-approved algorithms.
    Note: Using an approved algorithm does provide the same assurance as using a FIPS 140 certified module.
Use FIPS mode Requires Progress® OpenEdge Advanced Security (OEAS) license.

  • Set FIPS mode.

  • Check FIPS mode.

  • Evaluate FIPS mode policy.

  • Update applications to use NIST-approved algorithms in a FIPS-140 certified module.

Become FIPS compliant Enabling FIPS mode does not make your application FIPS compliant. Application code, as well as all external dependencies like OS, hardware, and third-party libraries, must follow the FIPS 140 standard. Compliant states adherence to the FIPS 140 standard but does not have third-party CMVP validation.
Certify your application FIPS compliant applications may opt to complete the CMVP certification process.