Citrix chose to develop — and invest in — a cryptographic module that sets a common standard and security compliance process across all of our products, so that we can provide our customers with FIPS-enabled, certified functionality, whether on premises or in the cloud.
Strong cryptography is a crucial element of the security of all products utilized by businesses large and small, across all industries, because it protects confidential information and enhances user authentication. Citrix has just been awarded a certificate for our new Federal Information Processing Standards (FIPS) cryptography module to enforce approved encryption within our products. Citrix has long supported FIPS 140-2, and this new module will further unify and expand the FIPS footprint across our product portfolio.
The Citrix FIPS Cryptographic Module is now validated by the U.S. National Institute of Standards and Technology (NIST). This certification further validates that Citrix adheres to a higher level of security built within our products. The NIST Cryptographic Module Validation Program (CMVP) is a rigorous test and validation program that ensures the most up-to-date and effective cryptographic algorithms are utilized to enhance security and protect sensitive information.
There is a distinct difference between compliant cryptographic modules and certified cryptographic modules: only certified modules provide the most up-to-date approved algorithms and must be actively maintained to remain.
The use of certified modules greatly reduces the risk of using weak encryption that may be embedded within compliant (but not necessarily secure) modules, which could create vulnerabilities within IT systems – leading to data theft, credential harvesting or compromised networks.
Encryption algorithms don’t last forever, and many include old algorithms that can cause vulnerabilities and add even more complexity for meeting mandatory cyber security compliance and industry-specific regulations such as SOC 2, PCI, FISMA and HIPAA. Highly regulated business segments such as the public sector, finance, utilities, and healthcare know that insisting on certified products that meet FIPS standards is essential for meeting compliance AND security requirements. Only approved cryptographic modules ensure that businesses and government agencies are employing approved, up-to-date encryption, instead of working from outdated encryption algorithms that could lead to potential security breaches.
Taking Cloud Security A Step Further
As for the impact on cloud computing environments, many of the cloud computing security frameworks such as FedRAMP, the Cloud Security Alliance and the Australian IRAP specifically require approved, certified encryption as a cornerstone for meeting each of their stringent accreditation requirements. The Citrix Crypto Module provides a common, strong and certified method to secure cloud-based information and computing through our products and within the core security elements of Citrix Cloud. Security is not an add-on at Citrix; it’s a built-in requirement to ensure that no matter the cloud, network, device or location, our customers and our own apps and data are securely delivered.
For more information and technical details, visit the Citrix module validation listing at the NIST CMVP page.