Pragma Systems SSH Server & Client are FIPS 140-2 Compliant now and are in the process to attain FIPS 140-3 Compliance in 2026
In the recent past, Pragma's SSH crypto library had attained twice the FIPS 140-2 Certifications, making Pragma the only SSH vendor to have done so. Our achieved certification CMVP #3171 is listed below in link for historical understanding and proof. But due to a dependent certificate we used from Microsoft expiring early, Pragma CMVP #3171 went to be one in grandfathered list in CMVP along with many other vendors facing the same fate.
From that point on in 2024, Pragma decided its Fortress SSH and crypto library to be at FIPS 140-2 Compliant level using Microsoft FIPS 140-2 Certified Microsoft Cryptographic Primitives Library CMVP #4825 and CMVP #4536. CMVP #4825 is used for Windows 11 and other new Windows version builds. CMVP #4536 is used for Windows 10 and other older Windows versions. One reason we can support both CMVP #4825 and #4536 is, Pragma SSH crypto layer dynamically loads (instead of static linking) Microsoft Cryptographic Primitives Library hosted on that Windows OS, thus allowing Pragma SSH, Fortress and Telemote, to work in all modern Windows OS with FIPS 140-2 Compliance, with a single recent build of our software. You can get more information of Microsoft NIST #4825 certificate link at: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4825. Microsoft NIST #4536 certificate link is at: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4536
Pragma Fortress SSH is expected to attain FIPS 140-3 Compliance in 3Q 2026. Microsoft Cryptographic Primitives Library, which Pragma SSH and crypto layer uses, is going through FIPS 140-3 Certifications for over last 18 months and expected to attain it before September 30, 2026.
Overall use of FIPS Compliant Pragma SSH:
By using Pragma's SSH Server and Client technologies, customers can deploy
these secure file transfer and copy capabilities knowing the embedded Cryptographic
Module has met the highest possible security standards. This ensures that your file
transfers are protected by best-in-class security.
The Pragma SSH Server is built with FIPS 140-2 Compliant Cryptographic
Library to provide for secure transfer of data. This version of Pragma's
SSH Server uses the validated cryptographic library to ensure that it operates
using only FIPS-approved algorithms for encryption of transferred data when using
Secure Copy (SCP) and Secure File Transfer Protocol (SFTP).
Pragma Systems' SSH Server and SSH Client are now available with Federal Information Processing Standard (FIPS) 140-2 certification by the National Institute of Standards and Technology. Data security encryption compliance is mandatory for U.S. federal agencies, the U.S. Department of Defense, the Canadian government, financial institutions and many private sector agencies when it is determined that cryptography is necessary for protecting sensitive information.
The Cryptographic Module Validation Program (CMVP) is the accreditation program that validates cryptographic modules to this standard. The CMVP is a joint effort between the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the Government of Canada. Cryptographic Modules validated through the program are subjected to rigorous testing by independent, accredited Cryptographic Module Testing (CMT) laboratories.
For more information about the FIPS requirements through NIST: here .
For more information about FIPS: here.
Most government agencies such as the Department of Defense require FIPS validation for the commercial systems they utilize to protect the integrity of data traffic traveling across their infrastructure environments. Similarly, companies in various market segments such as healthcare, financial and supply chain management are under increasing pressure to ensure that customer, vendor and patient information is secure when traveling across networks. To meet that need, many companies in these markets are implementing the same FIPS standard mandated by the U.S. government.