Data Encryption Between Servers

Communications and storage of sensitive data will be subject to enhanced encryption based on Federal Information Processing Standards (FIPS) 140-2.

FIPS 140-2 is a U.S. government computer security standard that is used to accredit cryptographic modules. The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptography modules that include both hardware and software components. The protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module.

The following table shows the supported platforms that are currently FIPS 140-2 compliant.

| Platform    | FIPS 140-2 Compliant |
|-------------|----------------------|
| MS Windows  | Yes                  |
| UNIX        | No                   |
| Linux       | No                   |
| HPE NonStop | No                   |

The following encryption algorithms are used:

  • AES256-CFB-HMAC

  • AES256-CTR-SHA256

Network Router communication traffic between Prognosis servers is always encrypted. By default, it uses the legacy AES256-CTR-SHA256 encryption algorithm (non-FIPS).

Recommendations

In all environments, the following approach is recommended:

  • Upgrade all servers to version 11.8 to ensure the highest level of encryption is available.

  • Leave the default encryption enabled on all servers unless there are specific needs in the environment, for example, old versions on some Monitoring Servers or very high data throughput.

In high-security environments, the following additional actions are recommended:

  • If required, consider enabling FIPS mode encryption where the entire deployment consists of MS Windows servers.

Encryption Usage

The following pages provide details and instructions on configuring and using the encryption feature.