FIPS 140-2 certification status for the Symantec Endpoint Encryption 11 cryptographic module

Article ID: 150141


Products

Endpoint Encryption, Desktop Email Encryption, Drive Encryption, Encryption Management Server, File Share Encryption, Gateway Email Encryption, PGP Command Line, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK

Issue/Introduction

Symantec Enterprise Division obtained validation by NIST on October 21, 2020 for SDK version 4.4. 

As of this writing, two cryptographic SDK versions are validated. Each validation is listed below:

* Symantec Endpoint Encryption 11.3.1 and above use the Version 4.4 SDK and are FIPS 140-2 validated.

* Symantec Endpoint Encryption versions 11.3.0 and older use the Version 4.3 SDK, which is a validated FIPS 140-2 cryptographic module in Historical status.


For all versions and builds of SEE including SDK versions, see the following article:

161867 - Symantec Endpoint Encryption version 11.x Build Number Comparison


For FIPS validation information on Symantec Encryption Desktop 10.x and Symantec Encryption Management Server 3.x (PGP Products), see the following article:

178330 - FIPS 140-2 certification status for the PGP product line cryptographic module

 

 

Resolution

SDK Version 4.4:
Module Name: Symantec PGP Cryptographic Engine
Standard: FIPS 140-2
Status: Active
Validation Dates: 10/21/2020
Overall Level: 1

Symantec Endpoint Encryption 11.3.1 and above use SDK 4.4. 


SDK Version 4.3:
Module Name: Symantec PGP Cryptographic Engine
Standard: FIPS 140-2
Status: Historical
Validation Dates: 05/21/2015, 07/06/2015
Overall Level: 1

Note that FIPS validation for Symantec Encryption products that use SDK version 4.3 has entered a "Historical" status. As stated in the NIST documentation, the FIPS validation is still considered valid, is not considered "Revoked", "Expired" or "Invalid", and can still be used in most cases; consult your own FIPS requirements. Therefore SDK version 4.3 is still considered FIPS validated and will remain valid pending a status change to "Revoked".

Symantec Endpoint Encryption 11.3.0 and older used SDK 4.3. 


For more details on this, please contact Symantec Enterprise Division support.

 

FIPS 140 details

The Cryptographic Module Validation Program webpage http://csrc.nist.gov/groups/STM/cmvp/index.html has the following description of the importance of FIPS 140-2 to US federal agencies:

FIPS 140-2 precludes the use of non-validated cryptography for the cryptographic protection of sensitive or valuable data within Federal systems. Non-validated cryptography is viewed by NIST as providing no protection to the information or data - in effect the data would be considered unprotected plaintext. If the agency specifies that the information or data be cryptographically protected, then FIPS 140-2 is applicable. In essence, if cryptography is required, then it must be validated.

The FIPS 140 validation certificate 2377, for Symantec PGP Cryptographic Engine, is posted on the Cryptographic Module Validation Program website at: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm#2377

 

To check which cryptographic engine you are using with Symantec Endpoint Encryption, right-click the "PGPce.dll" file in the "c:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption" folder, and click the "Details" tab to check the "File Version" value. If the value is 4.3 as mentioned above, the client is covered by FIPS validation. The SEE client is always running with the FIPS validated module.
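The same check can be scripted for use across many clients. The following PowerShell is an added example, not Symantec code: it reads the file version of PGPce.dll from the default path given above and maps it to the status listed in this article. The Authenticode signature column is an extra check added here, and the script assumes the file's major.minor version matches the SDK version, as the manual procedure implies.

```powershell
# Added example (not vendor code): report the PGP SDK version of a
# Symantec Endpoint Encryption client and the FIPS 140-2 status this
# article lists for that SDK.
param(
    # Default install path from the article; override for other installs.
    [string]$DllPath = 'C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\PGPce.dll'
)

# SDK major.minor -> status, as listed in the Resolution section.
$FipsStatus = @{
    '4.4' = 'Active (validated 10/21/2020)'
    '4.3' = 'Historical (validated 05/21/2015, 07/06/2015)'
}

if (-not (Test-Path -LiteralPath $DllPath -PathType Leaf)) {
    Write-Error "PGPce.dll not found at '$DllPath'"
    exit 2
}

$info = (Get-Item -LiteralPath $DllPath).VersionInfo

# FileVersion is a free-form string, so build the SDK version from the
# numeric parts instead (assumption: major.minor equals the SDK version).
$sdk = '{0}.{1}' -f $info.FileMajorPart, $info.FileMinorPart

$status = $FipsStatus[$sdk]
if (-not $status) {
    $status = 'Not listed in this article; check the NIST CMVP listing'
}

# Extra check added here: a version resource alone does not prove the
# file is the vendor's binary, so also report its signature state.
$sig = Get-AuthenticodeSignature -LiteralPath $DllPath

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    Path            = $DllPath
    FileVersion     = $info.FileVersion
    SdkVersion      = $sdk
    FipsStatus      = $status
    SignatureStatus = $sig.Status
}
```

The script emits one object per machine, so the output can be piped to `Export-Csv` when collecting results for a compliance inventory.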

 

 

Additional Information

To be able to search on the NIST website for validated modules, click here.

To see all modules currently in process for validation, click here.

178330 - FIPS 140-2 certification status for the PGP product line cryptographic module

150141 - FIPS 140-2 certification status for the Symantec Endpoint Encryption 11 cryptographic module

267847 - Enable FIPS mode with PGP Command Line Permanently