
The security of databases is of paramount importance for an organization’s reputation. Modern databases handle a massive workload of sensitive information and must have robust security safeguards in place. This is where the design principles outlined by Federal Information Processing Standards (FIPS) come into play.
What is FIPS 140-2?
The security of databases is of paramount importance for an organization’s reputation. Modern databases handle a massive workload of sensitive information and must have robust security safeguards in place. This is where the design principles outlined by FIPS 140-2 come into play.
FIPS 140-2 is a standard developed by the National Institute of Standards and Technology (NIST) that defines the requirements for cryptographic modules used in securing sensitive information. By adhering to these standards, modern databases can ensure that they have implemented the necessary security measures to protect against unauthorized access, data breaches, and other cyber threats. These safeguards are critical in safeguarding the integrity, confidentiality, and availability of the data stored within the database, ultimately providing peace of mind for organizations and their stakeholders.
Why should my database be FIPS-compliant?
All United States government agencies, contractors, and even external parties working for federal agencies are mandated to use FIPS 140-2 to protect data. FIPS compliance is also becoming globally recognized as one the most effective ways to ensure data security. In effect, any organization that achieves FIPS compliance can be regarded as a trusted supplier. In addition to government agencies, FIPS-compliance is now in demand in various industries including finance, healthcare, and manufacturing.
By achieving FIPS compliance, organizations are able to demonstrate they have undergone the demanding testing that is required to meet the necessary standards. The validation process is voluntary, but many organizations require that cryptographic modules used in their systems be validated to FIPS 140-2.
Who enforces compliance with FIPS?
NIST is responsible for enforcing compliance with FIPS 140-2. The Cryptographic Module Validation Program (CMVP) is a joint effort between NIST and the Communications Security Establishment (CSE) of the Government of Canada. The CMVP validates cryptographic modules to FIPS 140-2 and other cryptography-based standards.
The validation process involves testing the cryptographic module against the standard’s requirements and then submitting the test results to the CMVP for review and certification. Once a cryptographic module is validated, it is added to the list of validated cryptographic modules maintained by NIST.
Fujitsu Enterprise Postgres extends PostgreSQL security features
Fujitsu takes PostgreSQL security to new heights with Fujitsu Enterprise Postgres. This enterprise-grade database solution adds an extra layer of protection to PostgreSQL's already robust security features, ensuring unparalleled data security for businesses.
Transparent Data Encryption - 256-bit encryption is one of the most secure encryption methods available as it uses a 256-bit key to encrypt/decrypt data. Our built-in encryption feature automatically encrypts tablespaces, without the need to modify existing applications.
Data Masking - Data Masking allows you to retain the actual structure of the data when sharing a database with sensitive customer information beyond the permitted production environment, such as for development and testing.
Dedicated Audit Log- This is a unique feature of Fujitsu Enterprise Postgres to deliver in the key areas of data accountability, traceability, and the ability to audit. It is also Payment Card Industry Data Security Standard (PCI DSS) compliant.
Key management for Transparent Data Encryption- Increased flexibility to use KMIP certified external Key Management Systems (KMS) for improved data security. Reduced risk of data leakage by storing encryption keys outside the database. Better governance by the division of role between the database administrator and the administrator for Master Encryption Keys.
Cloud-based key management - Allows you to store Transparent Data Encryption keys in cloud key management services. Supports plug-ins to call communication adapters in the cloud and to share data encryption keys. Key management services in the cloud provide more choices for key management, lower operational costs, and increased security.
Confidentiality management - Fujitsu Enterprise Postgres offers simplified operations for role-based access control (RBAC) setting and audit. You can group resources by level of confidentiality, and group users by job title and type of work. With easier and more efficient security operations, human errors are reduced and security risks are minimized.
Policy-based password management - Prevent unauthorized logins and improve database security with the ability to restrict logon and manage the password complexity, number of consecutive failures, and password expiry date.
Anomaly detection - Enables you to identify suspicious items, events, or observations based on the fact they differ from the majority of the data. These can often be problems such as fraud, a structural defect, or errors in text.
To explore the full range of enhancements that Fujitsu Enterprise Postgres brings to PostgreSQL's exceptional performance, reliability, and security capabilities, download our brochure 'Compare features across versions'.


The bottom line
Fujitsu continues to demonstrate its commitment to excellence by completing the FIPS 140-2 validation program and acquiring our certificate (#4658). Fujitsu Enterprise Postgres is now eligible to be procured by U.S. federal agencies, including the Department of Defense, as well as for use in regulated industries such as utilities, finance, and healthcare.
Take it for a spin and see for yourself
You can try Fujitsu Enterprise Postgres with a fully-featured trial version to experience a frictionless hybrid cloud that can help you modernize to respond faster to business demands. Contact us to obtain your trial version.