Regulatory compliance is a primary consideration for the enterprise. From privacy to corporate governance to business practices and standards, regulation has infiltrated so many aspects of corporate affairs that it has become a challenge for businesses just to keep up. Many organizations, such as those in the healthcare and financial sectors, are subject to so many different types of regulation on so many different levels that selecting IT infrastructure with both the flexibility and the security to fully meet requirements has become crucially important.
 

Federal Information Processing Standards (FIPS) Compliance

Federal Information Processing Standard 140-2 (FIPS 140-2) is a standard that describes the US Federal government requirements that IT products should meet for Sensitive but Unclassified (SBU) use. The standard was published by the National Institute of Standards and Technology (NIST), has been adopted by the Canadian government's Communication Security Establishment (CSE), and is likely to be adopted by the financial community through the American National Standards Institute (ANSI).

The standard defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. There are four levels of security: from Level 1 (lowest) to Level 4 (highest). These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be deployed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorised roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing.

FIPS Levels

Level 1: The lowest level of security. No physical security mechanisms are required in the module beyond the requirement for production-grade equipment.
 
Level 2: Tamper-evident physical security or pick-resistant locks. Level 2 provides for role-based authentication. It allows software cryptography in multi-user timeshared systems when used in conjunction with a C2 or equivalent trusted operating system.
 
Level 3: Tamper-resistant physical security. Level 3 provides for identity-based authentication.
 
Level 4: Physical security provides an envelope of protection around the cryptographic module. This level also protects against fluctuations in the production environment.
 
Array Networks uses the highest performing NIST FIPS 140-2 Level 2 and Level 3 certified cards.

The following FIPS certified cipher suites are supported on an SPX4800, 5800 or 6800 FIPS system:

256-bit AES with SHA
128-bit AES with SHA
128-bit RC4 with MD5
128-bit RC4 with SHA
168-bit Triple-DES with SHA
