FIPS 140-2 Validated Encryption Module

The U.S. Department of Health and Human Services (HHS) recommends products certified for the FIPS 140-2 encryption standard to protect healthcare data.

To achieve compliance with the HIPAA and other government standards, software developers are increasingly turning to verified, certified solutions. DbDefence offers FIPS-140 encryption without increasing costs.

Since version 7.3, DbDefence includes the FIPS 140-2 Validated encryption module 2398.

Read more about very important changes.

As of January 2018, the previous certificate #819 expired.

The encryption code resides in the module called libeay32.dll, which is copied with dbdefence.dll to the Binn folder of a SQL instance. This module is compiled accordingly to its Security Policy.

To encrypt data using the validated module you need to change options in the Options dialog:

FIPS Validated encryption

There is no speed or encryption strength advantage in FIPS validated module. Using validated module for encryption will help you to comply with various requirements and standards.

To change encryption on an already encrypted database you need to decrypt it first and then encrypt it with another options.

The command line encryption tool and API have a new option -V to use the validated module for encryption. It will fail if dbdfips.dll or libeay32.dll is missing or tampered.