Your browser does not allow storing cookies. We recommend enabling them.

SSH Communications Security Meets U.S. Federal Government Security Assurance Standards


Crypto Module in SSH Communications Security’s CryptoAuditor Solution Meets Stringent Government Standards

HELSINKI and WALTHAM, Mass., Dec. 18, 2014 – In their ongoing efforts to steal sensitive data, hackers and malicious insiders are using encrypted channels to hide data exfiltration. SSH Communications Security today announced that its CryptoAuditor solution uses a crypto module that has achieved Federal Information Processing Standard (FIPS) 140-2 certificationfrom the National Institute of Standards and Technology (NIST). CryptoAuditor can now be used by national agencies in the U.S. and Canada that use cryptographic-based security systems to protect sensitive information. For more information, visit

Unmonitored, uncontrolled and unaudited encrypted channels leave organizations vulnerable to malicious insider threats:

  • Preventing data loss: CryptoAuditor helps prevent data loss across encrypted channel traffic with inline, real-time and transparent audit capabilities for federal agencies, retailers and other organizations transmitting sensitive information.
  • Interactive and automated: CryptoAuditor can intercept, monitor, record and replay the content of the most common data-in-transit encryption protocolsused in network environments for interactive and automated sessions.
  • Reducing risks: Expanded support enables organizations to monitor and control SSL/TLS,Secure Shell, SFTP and RDP connections, closing security gaps and reducing the risk posed by advanced external threats.
  • Independent validation: To achieve FIPS 140-2 validation, cryptographic modules undergo stringent testing by independent, accredited test facilities.
  • Recognized worldwide: FIPS 140-2 certification is also recognized in Australia and Europe. SSH is working with security standardization bodies in the U.S., Europe, Asia and beyond to ensure that its products meet compliance standards.

Matthew McKenna, COO, SSH Communications Security, said:

“Just as hackers are relentless in their attacks, federal agencies must be relentless in their efforts to safeguard sensitive information. These agencies must comply with the most rigorous standards available, which is why FIPS 140-2 assurance is so important. We are proud to provide the security assurance government agencies need for preventing misuse of encrypted channels.”

About SSH Communications Security

SSH Communications Security is the market leader in developing advanced security solutions that enable, monitor and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki, Finland and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now