FIPS compliance

In alignment with the Federal Information Processing Standards (FIPS) guidelines for computer systems, set forth by the National Institute of Standards and Technology (NIST), Privileged Access Manager - Self-Hosted employs a FIPS 140-2 certified Object Module library in the following components:

  • Vault and Vault utilities

  • Password Vault Web Access (PVWA), which includes the following authentication method libraries:

    • SAML authentication (the library is FIPS compliant if the identity provider is FIPS compliant)

    • OpenID authentication (the library is FIPS compliant if the identity provider is FIPS compliant)

  • Central Policy Manager (CPM) (activation required - see Disable support for legacy modes)

  • Privilege Session Manager (PSM)

  • Privilege Session Manager (PSM for SSH) (activation required - see Configure FIPS-compliant mode)

Notwithstanding the foregoing, the following capabilities are not FIPS compliant, since they include third-party software that may not be FIPS compliant:

  • Vault Cluster Management

  • Distributed Vaults for Active-Active Session Management

  • PAM on Cloud in Azure

  • SNMP integration

  • DNA

  • auto detect

  • RADIUS authentication

  • PSM-SSH connections

  • PSM-WinSCP connections

  • PSM-AS400 connections

  • PSM-OS390 connections

  • PSM-SQLPlus connections

  • PSM Health Check

  • VMWare plug-in

  • RSA plug-in

  • PTA plug-in

  • AS400 plug-in

  • PSM for SSH MFA caching

  • HTML5 Gateway

  • All extensions (including plugins, tools and integrations) available on the CyberArk Marketplace