FIPS 140-2 Compliant Emails

What is FIPS 140-2

The Federal Information Processing Standard (FIPS) 140-2 is a NIST standard that specifies security requirements for cryptographic modules. U.S. federal agencies, and the contractors and vendors who handle their data, are required to protect sensitive information using validated modules. Under FIPS 140-2 a hardware or software cryptographic module may use only algorithms from the approved list (for example AES, SHA-2, RSA and ECDSA) when protecting data at rest and in transit. FIPS 140-3 has since superseded 140-2 for new validations, but existing 140-2 certificates remain valid during the transition period, so the requirements described below still apply.

How To Stay Compliant

Being a 100% on-premise solution, Xeams puts you in control when it comes to regulatory compliance. Two components are involved when ensuring you stay FIPS compliant:
  1. In-Transit Communication
  2. At-Rest Security

In-Transit Communication via Email

A client running in FIPS mode (for example, a Windows machine with the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" policy enabled) will only complete an SSL/TLS (Secure Sockets Layer/Transport Layer Security) handshake with a server that offers an approved protocol version and cipher suite. For an email server to be reachable from such clients, it must offer at least one cipher suite whose key exchange, signature, bulk encryption and hash algorithms are all FIPS-approved, and it must do so over TLS 1.2 or later; SSL 3.0 and TLS 1.0/1.1 are not acceptable.

Xeams exposes configurable parameters that let you set both the TLS version it accepts and the cipher suites it offers, so non-approved suites can be removed from the server's offer entirely rather than relying on the client to refuse them.
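The practical check after changing those parameters is to connect to the server the way a mail client would, upgrade with STARTTLS, and confirm that the negotiated protocol and cipher suite fall inside an approved profile. The script below is an added example written for this page, not Xeams code; it uses only the Python standard library. The approved profile it encodes (TLS 1.2/1.3, AES-GCM or AES-CBC with SHA-256/SHA-384, RSA or ECDSA certificates, (EC)DHE or RSA key transport) is a conservative reading of NIST SP 800-52 Rev. 2 and is an assumption for illustration; align it with the cipher list your own authorizing official accepts. The sample negotiations at the bottom are constructed so the classification can be exercised offline.

```python
"""Check whether an SMTP server's negotiated TLS parameters fall inside a
FIPS-style profile.  Added example for this page; not part of Xeams."""
import re
import smtplib
import ssl
import sys

# Assumed profile, modelled on NIST SP 800-52 Rev. 2 (not an official list):
APPROVED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

# TLS 1.3 suites as reported by OpenSSL.  ChaCha20-Poly1305 is deliberately absent:
# it is not a FIPS-approved cipher.
TLS13_APPROVED = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"}

# TLS 1.2 suites in OpenSSL naming: [KEX-AUTH-]AES<bits>-[GCM-]SHA<256|384>.
# A missing KEX/AUTH prefix means RSA key transport (e.g. AES128-GCM-SHA256).
# Suites ending in plain "SHA" (HMAC-SHA-1), RC4, 3DES, NULL and EXPORT never match.
TLS12_APPROVED_RE = re.compile(
    r"^(?:(?:ECDHE|DHE)-(?:RSA|ECDSA)-)?AES(?:128|256)-(?:GCM-)?SHA(?:256|384)$"
)


def is_fips_acceptable(protocol, cipher):
    """Return (accepted, reason) for a negotiated protocol/cipher pair."""
    if protocol not in APPROVED_PROTOCOLS:
        return False, "%s is not TLS 1.2 or 1.3" % protocol
    if protocol == "TLSv1.3":
        if cipher in TLS13_APPROVED:
            return True, "TLS 1.3 AES-GCM suite"
        return False, "%s is not an approved TLS 1.3 suite" % cipher
    if TLS12_APPROVED_RE.match(cipher):
        return True, "TLS 1.2 AES suite with SHA-2 integrity"
    return False, "%s is outside the approved TLS 1.2 profile" % cipher


def probe_smtp_starttls(host, port=587, timeout=10.0):
    """Connect to an SMTP server, upgrade with STARTTLS and return
    (protocol, cipher) as negotiated.  The client side insists on TLS 1.2+,
    which is what a FIPS-mode client would do."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        tls_sock = smtp.sock  # an ssl.SSLSocket after STARTTLS
        return tls_sock.version(), tls_sock.cipher()[0]


# Constructed sample negotiations (not captured from any real server).
SAMPLE_NEGOTIATIONS = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("TLSv1.3", "TLS_CHACHA20_POLY1305_SHA256"),
    ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES128-SHA256"),
    ("TLSv1.2", "AES256-SHA"),
    ("TLSv1.2", "ECDHE-RSA-CHACHA20-POLY1305"),
    ("TLSv1.2", "DES-CBC3-SHA"),
    ("TLSv1", "AES256-SHA"),
]


def classify_samples(samples=SAMPLE_NEGOTIATIONS):
    """Return a list of (protocol, cipher, accepted) for the given samples."""
    return [(p, c, is_fips_acceptable(p, c)[0]) for p, c in samples]


if __name__ == "__main__":
    if len(sys.argv) >= 2:
        # Usage: python check_tls.py mail.example.test [port]  (hypothetical host)
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 587
        proto, suite = probe_smtp_starttls(sys.argv[1], port)
        ok, why = is_fips_acceptable(proto, suite)
        print("%s %s -> %s (%s)" % (proto, suite, "PASS" if ok else "FAIL", why))
    else:
        for proto, suite, ok in classify_samples():
            print("%-8s %-32s %s" % (proto, suite, "PASS" if ok else "FAIL"))
```

The probe reports only what the server negotiates with this particular client; a server that still offers RC4 or TLS 1.0 to less strict clients will not be caught unless you also run the probe with those options enabled, or check the server's cipher configuration directly. Note too that the script is run from a Python build whose OpenSSL may itself not be FIPS-validated, which is irrelevant for auditing the server's offer but matters if the same machine is meant to be a compliant client.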

At-Rest Security

At-Rest security is achieved by hardening the operating system and restricting access to the machine where Xeams is installed. Refer to Microsoft's 140-2 Validation for further details on how to ensure the machine is secure.

End-To-End Encryption

In addition to the in-transit and at-rest controls above, Xeams also offers End-To-End encrypted emails, which use AES encryption to convert an email into a password-protected PDF that only recipients holding the password can open. Because the AES key is derived from that password, the protection is only as strong as the password chosen, and the password must reach the recipient through a channel other than the email itself.

Large Attachments

When combined with SynaMan's Embedded SMTP Server, Xeams can detach any large attachments from both inbound and outbound emails, allowing users to then download the files using an HTTPS server.