FIPS 140-2 Compliant File-Sharing Software

The Federal Information Processing Standards (FIPS) define U.S. and Canadian Government security and interoperability requirements for computer systems. The FIPS 140-2 standard specifies the security requirements for cryptographic modules. It describes the approved security functions for symmetric and asymmetric key encryption, message authentication, and hashing.

For more information about the FIPS 140-2 standard and its validation program, see the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program website at https://csrc.nist.gov/projects/cryptographic-module-validation-program.

SynaMan, the file sharing software published by Synametrics Technologies, Inc. is fully compliant with FIPS 140-2 specification provided guidelines mentioned on this page are met.

Levels

FIPS 140-2 defines four levels of security, simply named "Level 1" to "Level 4".

Level 1

Level 1 provides lowest level of security and is enforced by configuring the software to use approved algorithms. In other words, when using SSL/TLS to transfer files, the software must use secure ciphers list on Approved Security Functions for FIPS 140-2 published by NIST

Starting v5.3, a separate installer is available for Windows and Linux on the download page.

Level 2 And Higher

Higher levels of FIPS compliance are related to hardware security. Since SynaMan is a 100% private solution, companies can achieve higher levels of FIPS compliance by hardening their network environment. Refer to this document for further details on how to achieve higher levels of compliance.

When To Enable FIPS 140-2 in SynaMan

Enabling this option in SynaMan disable ciphers considered weak according to FIPS guidelines. This means older browsers, mobile devices and other third-party software may not be able to communicate with SynaMan using SSL when this option is enabled.

On the other hand, using this option is required if you need to share files with government organizations, mainly United States and Canada.

100% Private

SynaMan is a 100% private, on-premise, file sharing solution. This means:

• Private data belonging to your organization will stay inside your company. No third party, including Synametrics Technologies, Inc., will ever get your data. This includes data in transit as well as at rest.
• No third party, including Synametrics Technologies, Inc., will have knowledge about users involved in data synchronization.
• No third party, including Synametrics Technologies, Inc., will have access to the metadata, such as file types, their size, or knowledge about the software that uses these files.

How To Use the FIPS Compliant Version

No additional steps are required when you download the FIPS compliant installers from the download page, provided SSL is enabled and necessary firewall ports are open.

Disadvantages of using FIPS compliant SynaMan

The FIPS compliant version of SynaMan will not work with older browsers that do not support TLS v1.3. Therefore, it is recommended you use this version only if it is required by your company policies.

FIPS Compliant Certification and Module

The FIPS compliant version of SynaMan uses the following module, which is certified by NIST.

Module Name:	Bouncy Castle FIPS module.
Certification Number:	3514
Certificate Date:	8th February 2022

Roadmap for FIPS 140-3

The U.S. federal government's transition to the FIPS 140-3 cryptography standard has begun, with NIST announcing that all FIPS 140-2 certificates will be retired in September 2026. A request for certification for FIPS 140-3 has already been submitted by Bouncy Castle, the FIPS module used in SynaMan. Therefore, future versions of SynaMan will include FIPS 140-3 validation.

Validation Steps

Use the following method to validate you're running a FIPS compliant version of SynaMan.

• Run a test against your server through Qualys SSL Labs
• The results of this test should return:
  • TLS v1.3 is in use
  • You do no see any weak ciphers. Check for details.