FIPS Compliance

    Ensure FIPS compliance with Mimecast's Security Messaging Service and Cloud Archive.
    Overview

    Ensure FIPS compliance with Mimecast

    The Federal Information Processing Standard (FIPS) 140-2 is a set of standards that govern the use of cryptographic technology, and FIPS compliance is required by all U.S. government agencies and the contractors and vendors who work with them. The FIPS 140-2 regulations stipulate that hardware or software cryptographic modules must use algorithms from an approved list when protecting data at rest and in motion. FIPS compliance also requires organizations using cloud services to use approved encryption techniques for data transmitted to and from cloud services, and while data is at rest in a cloud-based application.

    FIPS compliance is essential for any organization inside or working with the US federal government. For organizations that want to simplify FIPS compliance for email, Mimecast provides FIPS-compliant solutions for secure messaging, cloud archiving and email management.

     


     

    Mimecast technology for FIPS compliance

    Mimecast offers a cloud-based, all-in-one solution for email security, archiving, compliance and continuity, enabling organizations to achieve true cyber resilience while reducing IT complexity. As a SaaS-based solution, Mimecast can be deployed quickly and easily with no capital costs for hardware or software. And with easy-to-use features for managing security, archiving and compliance from a single web-based console, Mimecast dramatically reduces the email management burden on IT teams.

    Mimecast solutions ensure FIPS compliance by employing cryptographic functionality that is aligned with the standards set forth in FIPS 140-2. FIPS-compliant solutions include:

    • Secure Messaging Service, a cloud-based service that enables users to send and receive secure email communications right from their preferred email client. Secure Messaging enables FIPS compliance by allowing users to send encrypted messages by simply ticking a box before pressing Send, and by providing tools for policy-driven enforcement of the use of encryption for certain email messages.
    • Mimecast Cloud Archive, a central repository of email data that ensures FIPS compliance by automatically encrypting email and storing it in geographically diverse data centers with ISO 27001 secure encryption key management with access controls and logging.

     

    Beyond FIPS compliance: additional compliance solutions

    In addition to encryption solutions for FIPS compliance, Mimecast archiving and security solutions enable organizations to achieve HIPAA email compliance, GDPR compliance, Dodd-Frank compliance and MiFID compliance, and to meet FINRA compliance requirements for WORM storage.

    The Mimecast Cloud Archive provides the industry's most comprehensive suite of capabilities for email records retention and discovery, along with compliance and litigation support that includes legal hold, case management and data export.

    Mimecast Supervision, an integrated solution for Cloud Archive, provides tools to improve the efficiency of compliance reviewers and to eliminate the bottlenecks in compliance reviews that can add delay and jeopardize compliance.

    Mimecast security solutions help to achieve compliance with regulations concerning information protection by providing advanced defense against threats like ransomware, spear-phishing and impersonation, along with analysis that prevents data leaks and blocks users from visiting malicious websites. Mimecast security technology can help to protect the most widely used email platforms, including Exchange and Office 365 threat intelligence, for instance.

     

    FAQs: What is FIPS compliance?

    What is FIPS compliance?

    Federal Information Processing Standards 140-2, or FIPS 140-2, is a set of standards that specify the approved cryptographic technology to be used by government agencies and the contractors and vendors they employ. To achieve FIPS compliance, organizations must incorporate best practices and approved technology for implementing crypto algorithms and encryption schemes, handling important data, and working with various operating systems and hardware.

    What organizations are required to have FIPS compliance?

    FIPS compliance is mandatory for US government agencies as well as any subsidiaries, contractors and vendors who receive US government contracts.

    Why is FIPS compliance important?

    FIPS ensures that data used by U.S. government agencies and the contractors and vendors they employ is adequately protected from theft and exposure.
