FIPS 140-2 Validated encryption module

The U.S. Department of Health and Human Services (HHS) recommends products certified for the FIPS 140-2 encryption standard to protect healthcare data.

To achieve compliance with the HIPAA and other government standards, software developers are increasingly turning to verified, certified solutions. DbDefence offers FIPS-140 encryption without increasing costs.

Since version 7.3 DbDefence includes FIPS 140-2 Validated encryption module 2398.

Read more about very important changes.

As of January 2018, previous certificate #819 has been expired.

Encryption code reside in the module called libeay32.dll which is copied with dbdefence.dll to the Binn folder of a SQL instance. This module is compiled accordingly to its Security Policy.

To encrypt data using validated module you need to change options in the Options dialog:

FIPS Validated encryption

There is no speed or encryption strength advantage in FIPS validated module. Using validated module for encryption will help you to comply with various requirements and standards.

To change encryption on already encrypted database you need to decrypt it first and then encrypt it with another options.

Command line encryption tool and API have a new options -V to use validated module for encryption. It will fail if dbdfips.dll or libeay32.dll is missing or tampered.