<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2826169&amp;fmt=gif">
Start  trial

    Start trial

      img-badge-anim-fips-compliant-01Fujitsu has partnered with SafeLogic to equip Fujitsu Enterprise Postgres with a FIPS-compliant crypto library that protects your data at rest and data in flight through robust cryptographic algorithms.

      Fujitsu continues to demonstrate its commitment to excellence by completing the FIPS 140-2 validation program.

      The security of databases is of paramount importance for an organization’s reputation. Modern databases handle a massive workload of sensitive information and must have robust security safeguards in place. This is where the design principles outlined by Federal Information Processing Standards (FIPS) come into play.

      What is FIPS 140-2?

      The security of databases is of paramount importance for an organization’s reputation. Modern databases handle a massive workload of sensitive information and must have robust security safeguards in place. This is where the design principles outlined by FIPS 140-2 come into play.

      FIPS 140-2 is a standard developed by the National Institute of Standards and Technology (NIST) that defines the requirements for cryptographic modules used in securing sensitive information. By adhering to these standards, modern databases can ensure that they have implemented the necessary security measures to protect against unauthorized access, data breaches, and other cyber threats. These safeguards are critical in safeguarding the integrity, confidentiality, and availability of the data stored within the database, ultimately providing peace of mind for organizations and their stakeholders.

      Why should my database be FIPS-compliant?

      All United States government agencies, contractors, and even external parties working for federal agencies are mandated to use FIPS 140-2 to protect data. FIPS compliance is also becoming globally recognized as one the most effective ways to ensure data security. In effect, any organization that achieves FIPS compliance can be regarded as a trusted supplier. In addition to government agencies, FIPS-compliance is now in demand in various industries including finance, healthcare, and manufacturing.

      By achieving FIPS compliance, organizations are able to demonstrate they have undergone the demanding testing that is required to meet the necessary standards. The validation process is voluntary, but many organizations require that cryptographic modules used in their systems be validated to FIPS 140-2.

      Who enforces compliance with FIPS?

      NIST is responsible for enforcing compliance with FIPS 140-2. The Cryptographic Module Validation Program (CMVP) is a joint effort between NIST and the Communications Security Establishment (CSE) of the Government of Canada. The CMVP validates cryptographic modules to FIPS 140-2 and other cryptography-based standards.

      The validation process involves testing the cryptographic module against the standard’s requirements and then submitting the test results to the CMVP for review and certification. Once a cryptographic module is validated, it is added to the list of validated cryptographic modules maintained by NIST.

      Fujitsu Enterprise Postgres extends PostgreSQL security features

      Fujitsu takes PostgreSQL security to new heights with Fujitsu Enterprise Postgres. This enterprise-grade database solution adds an extra layer of protection to PostgreSQL's already robust security features, ensuring unparalleled data security for businesses.

      img-roundel-01-transparent-data-encryptionTransparent Data Encryption  - 256-bit encryption is one of the most secure encryption methods available as it uses a 256-bit key to encrypt/decrypt data. Our built-in encryption feature automatically encrypts tablespaces, without the need to modify existing applications.Read more >

      img-roundel-02-data-maskingData Masking - Data Masking allows you to retain the actual structure of the data when sharing a database with sensitive customer information beyond the permitted production environment, such as for development and testing.Read more >

      img-roundel-03-dedicated-audit-logDedicated Audit Log- This is a unique feature of Fujitsu Enterprise Postgres to deliver in the key areas of data accountability, traceability, and the ability to audit. It is also Payment Card Industry Data Security Standard (PCI DSS) compliant. Read more >

      img-roundel-04-key-management-for-transparent-data-encryptionKey management for Transparent Data Encryption- Increased flexibility to use KMIP certified external Key Management Systems (KMS) for improved data security. Reduced risk of data leakage by storing encryption keys outside the database. Better governance by the division of role between the database administrator and the administrator for Master Encryption Keys.Read more >

      img-roundel-05-cloud-based-key-managementCloud-based key management - Allows you to store Transparent Data Encryption keys in cloud key management services. Supports plug-ins to call communication adapters in the cloud and to share data encryption keys. Key management services in the cloud provide more choices for key management, lower operational costs, and increased security. Read more >

      img-roundel-06-confidentiality-managementConfidentiality management - Fujitsu Enterprise Postgres offers simplified operations for role-based access control (RBAC) setting and audit. You can group resources by level of confidentiality, and group users by job title and type of work. With easier and more efficient security operations, human errors are reduced and security risks are minimized. Read more >

      img-roundel-07-policy-based-password-managementPolicy-based password management - Prevent unauthorized logins and improve database security with the ability to restrict logon and manage the password complexity, number of consecutive failures, and password expiry date.Read more >

      img-roundel-08-anomaly-detectionAnomaly detection - Enables you to identify suspicious items, events, or observations based on the fact they differ from the majority of the data. These can often be problems such as fraud, a structural defect, or errors in text. 

      To explore the full range of enhancements that Fujitsu Enterprise Postgres brings to PostgreSQL's exceptional performance, reliability, and security capabilities, download our brochure 'Compare features across versions'.

      img-mockup-resource-brochure-compare-features-across-versions img-mockup-resource-open-brochure-compare-features-across-versions-pages-02-and-03
      View brochure

      The bottom line

      img-mockup-sticker-fep-01Fujitsu continues to demonstrate its commitment to excellence by completing the FIPS 140-2 validation program and acquiring our certificate (#4658). Fujitsu Enterprise Postgres is now eligible to be procured by U.S. federal agencies, including the Department of Defense, as well as for use in regulated industries such as utilities, finance, and healthcare.

      Take it for a spin and see for yourself

      You can try Fujitsu Enterprise Postgres with a fully-featured trial version to experience a frictionless hybrid cloud that can help you modernize to respond faster to business demands. Contact us to obtain your trial version.

      Contact us >

      Topics: PostgreSQL, Database security, Fujitsu Enterprise Postgres, Announcement, Security, FIPS, Federal Information Processing Standards

      Receive our blog

      Search by topic

      see all >
      Marcos Figueiredo
      Director of Center of Excellence and Global Offering Manager
      Experienced in International Business Development with a demonstrated history of working in the information technology and services industry.
      Skilled in Data Storage, Storage Area Network (SAN), and IT Strategy. Strong sales professional from UNC Kenan-Flagler Business School.
      Our Migration Portal helps you assess the effort required to move to the enterprise-built version of Postgres - Fujitsu Enterprise Postgres.
      We also have a series of technical articles for PostgreSQL enthusiasts of all stripes, with tips and how-to's.


      Explore PostgreSQL Insider >
      Subscribe to be notified of future blog posts
      If you would like to be notified of my next blog posts and other PostgreSQL-related articles, fill the form here.

      Read our latest blogs

      Read our most recent articles regarding all aspects of PostgreSQL and Fujitsu Enterprise Postgres.

      Receive our blog

      Fill the form to receive notifications of future posts

      Search by topic

      see all >