FIPS 140-2 Validated Encryption Module
The U.S. Department of Health and Human Services (HHS) recommends products certified for the FIPS 140-2 encryption standard to protect healthcare data.
To achieve compliance with the HIPAA and other government standards, software developers are increasingly turning to verified, certified solutions. DbDefence offers FIPS-140 encryption without increasing costs.
Since build 1237, DbDefence includes the FIPS 140-2 Validated encryption module 4282.
Previous builds used certificate 3503.
Changes are formal and don't include any changes in the algorithm. So, previously encrypted databases and backups will work.
As of October 2020, the previous certificate #2398 has been moved to the historical list. If a validation certificate is marked as historical, Federal Agencies should not include these in new procurement. This does not mean that the overall FIPS-140 certificates for these modules have been revoked.
The encryption code resides in the module called fips.dll (older builds use libeay32.dll), which is copied with dbdefence.dll to the Binn folder of a SQL instance. This module is compiled accordingly to its Security Policy.
To encrypt data using the validated module you need to change options in the Options dialog:
There is no speed or encryption strength advantage in FIPS validated module. Using validated module for encryption will help you to comply with various requirements and standards.
To change encryption on an already encrypted database you need to decrypt it first and then encrypt it with another options.
The command line encryption tool and API have a new option -V to use the validated module for encryption. It will fail if dbdfips.dll or libeay32.dll is missing or tampered.