FIPS compliance

In alignment with the Federal Information Processing Standards (FIPS) guidelines for computer systems, set forth by the National Institute of Standards and Technology (NIST), Privileged Access Manager - Self-Hosted employs a FIPS 140-2 certified Object Module library in the following components:

• Vault and Vault utilities

• Password Vault Web Access (PVWA)

• Central Policy Manager (CPM) (activation required - see Configure FIPS-compliant mode)

• Privilege Session Manager (PSM)

• Privilege Session Manager (PSM for SSH) (activation required - see Configure FIPS-compliant mode)

• SAML authentication (the library is FIPS compliant if the identity provider is FIPS compliant)

• OpenID authentication (the library is FIPS compliant if the identity provider is FIPS compliant)

Notwithstanding the foregoing, the following capabilities are not FIPS compliant, since they include third-party software that may not be FIPS compliant:

• Vault Cluster Management

• Distributed Vaults for Active-Active Session Management

• PAM on Cloud in Azure

• SNMP integration

• DNA

• auto detect

• RADIUS authentication

• PSM-SSH connections

• PSM-WinSCP connections

• PSM-AS400 connections

• PSM-OS390 connections

• PSM-SQLPlus connections

• PSM Health Check

• VMWare plug-in

• RSA plug-in

• PTA plug-in

• AS400 plug-in

• PSM for SSH MFA caching

• HTML5 Gateway

• All extensions (including plugins, tools and integrations) available on the CyberArk Marketplace