MOVEit Crypto, the encryption component used to secure data and settings in MOVEit DMZ and MOVEit Central in mission-critical, Internet-exposed applications, has been revalidated under FIPS 140-2 and has been issued certificate #1363.   This certificate should be available on the Cryptographic Module Validation Program (CMVP)’s website ( in 1-2 weeks.

The changes in MOVEit Crypto that required the revalidation were mainly related to the introduction of “SHA-2” hashes such as as SHA-256.  As you may already be aware, use of unkeyed SHA-1 hashes will be disallowed in U.S. government applications by the end of the year.  (Weaker hashes such as MD5 and non-cryptographic quality integrity checks such as CRC are already disallowed.)  Fortunately, existing MOVEit products make use of keyed SHA-1 hashes (not the unkeyed hashes that will soon be disallowed), so use of existing MOVEit products with the older version of MOVEit Crypto will be allowed in U.S. government applications well beyond the end of the year.

How IT Pros Can Save 30 Minutes a Day

How IT Pros Can Save 30 Minutes a Day

Implementing Compliance for Data Privacy in Regulated Industries

Free Webinar: Implementing Compliance for Data Privacy in Regulated Industries

Reader Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Ipswitch Blog

This post was written by Ipswitch Blog

Ipswitch helps solve complex IT problems with simple solutions. The company’s software has been installed on more than 150,000 networks spanning 168 countries to monitor networks, applications and servers, and securely transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America.