Security Requirements for Cryptographic Modules are formalized in the Federal Information Processing Standard (FIPS publication 140-2), developed by the US National Institute of Standards and Technology (NIST) and Canadian Communication Security Establishment (CSE).
GoAnywhere MFT provides a FIPS 140-2 Compliance Mode and when enabled, it only permits the use of FIPS 140-2 compliant ciphers (e.g. AES, Triple DES) for encryption processes.
The FIPS 140-2 certified algorithms (ciphers) in GoAnywhere MFT are provided by an embedded RSAsecurity module and apply to all SSH and SSL communications within GoAnywhere MFT including SFTP, SCP, FTPS and HTTPS protocols.
RSA, a division of EMC, is a trusted provider of security, risk and compliance management solutions for business acceleration. By leveraging RSA's extensive experience with encryption technology and compliance criteria, GoAnywhere MFT is able to satisfy the stringent requirements for FIPS 140-2.
The RSA security module in GoAnywhere MFT is unmodified and is certified under NIST Certification 2468 and 2469, which was validated on February 9th, 2017.