Documentation
HECVAT-onprem-v3.0.5
Datacenter
OPDC-07

Question OPDC-07

Do you employ or allow any cryptographic modules that do not conform to the Federal Information Processing Standards (FIPS PUB 140-2)?

Weight40
High RiskYes
RequiredYes
Compliant AnswerNo

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

EDUCAUSE provides no guidance here

Answering "YES"

Provide a detailed description of all nonconforming modules.

Reason for Question

Beware the use of proprietary encryption implementations. Open standard encryption, preferably mature, is often preferred. Although there may be cases if which that is not the case, be sure to understand the vendor's infrastructure and the true security of a vendor's solution.

Follow-Up Inquiries

If the vendor cannot accommodate open standards encryption requirements, direct them to NIST's Cryptographic Standards and Guidelines document at https://csrc.nist.gov/Projects/Cryptographic-Standards-and-Guidelines (opens in a new tab)

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]