Federal Information Processing Standards (FIPS) sets the standard for security requirements for cryptographic modules. Developed by the U.S. government and first published by the National Institute of Standards & Technology (NIST) in 2001, FIPS 140-1 was replaced with FIPS 140-2 and since May 2002 has been the only standard accepted by the Cryptographic Module Validation Program. While FIPS 140-3 has now been approved for use, FIPS 140-2 certificates are still heavily utilized and will be supported through 2026.
For Windows deployments, Esri products are compatible with the operating system Use FIPS compliant algorithms security setting.
For Linux deployments, ArcGIS Enterprise can be configured to use FIPS approved algorithms for encryption in transport and supplemented with 3rd party mechanisms to enforce FIPS compliant encryption of data at rest (such as self-encrypting hard drives).
Resources
- FIPS 140-2 Requirements (Public)
- FIPS 140-3 Transition Schedule (Public)